Ronin Network – an Ethereum-linked sidechain – said it has identified the hackers behind last month’s $600M+ exploit, and all user funds are “in the process of being restored.” Additionally, the entity implemented enhanced security measures to prevent such attacks in the future.
Further Details on the Hack
The project revealed that the cyber assault happened on March 23 and was identified on March 29 by the Sky Mavis team. “We didn’t have a proper tracking system for monitoring large outflows from the bridge, which is why the breach wasn’t discovered immediately,” the entity said, explaining the delay.
The bad actors got control over five of the nine validator private keys – four Sky Mavis validators and one Axie DAO validator – and stole 173,600 ETH and 25.5 million worth of USDC. The criminals drained the crypto assets in two transactions, with the total amount equaling around $620 million.
Ronin Network disclosed that the hackers managed to gain control by compromising one Sky Mavis employee. Upon discovering the person’s connection to the incident, the organization fired that team member.
At the time of the hack, Sky Mavis controlled 4 out of 9 validators, which on its own would not be enough to forge withdrawals. The validator key scheme is decentralized in order to limit this attack vector. However, the wrongdoers found a “backdoor through the gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
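The quorum arithmetic described above can be checked mechanically. The following Python code is an added example, not code from Ronin or Sky Mavis: it computes the fewest operators whose compromise reaches the five-of-nine signature threshold. The `operator-*` names and the `DELEGATIONS` map (modelling the Axie DAO signature being obtainable through Sky Mavis infrastructure) are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

THRESHOLD = 5  # signatures needed to approve a withdrawal (5 of 9, per the article)

# Constructed validator set: validator id -> operator holding its key.
# Only the Sky Mavis and Axie DAO entries come from the article; the
# "operator-*" names are placeholders for the remaining four validators.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}

# Assumption: operator -> other operators whose signatures can be requested
# through its infrastructure (how this example models the RPC-node backdoor).
DELEGATIONS = {"Sky Mavis": {"Axie DAO"}}

def effective_signatures(validators, delegations):
    """Validator signatures each operator can produce, including one hop of delegation."""
    own = defaultdict(set)
    for vid, operator in validators.items():
        own[operator].add(vid)
    reach = {}
    for operator, vids in own.items():
        reachable = set(vids)
        for other in delegations.get(operator, ()):
            reachable |= own.get(other, set())
        reach[operator] = reachable
    return reach

def min_compromises(validators, delegations, threshold):
    """Smallest set of operators whose compromise yields >= threshold signatures."""
    reach = effective_signatures(validators, delegations)
    operators = sorted(reach)
    for k in range(1, len(operators) + 1):
        for combo in combinations(operators, k):
            signatures = set().union(*(reach[op] for op in combo))
            if len(signatures) >= threshold:
                return list(combo)
    return None  # threshold unreachable even with every operator compromised

if __name__ == "__main__":
    print("with delegation:   ", min_compromises(VALIDATORS, DELEGATIONS, THRESHOLD))
    print("without delegation:", min_compromises(VALIDATORS, {}, THRESHOLD))
```

With the delegation in place, a single operator already reaches the threshold; without it, at least two independent operators must be compromised.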
Enhancing the Security System
The company vowed to join forces with top security experts, including CrowdStrike and Polaris Infosec, to prevent such attacks from happening again. It also collaborated with other firms that should ensure hackers are unable to breach the network’s defenses.
Sky Mavis increased the number of validator nodes on the Ronin Network from nine to eleven. In the next three months, the organization plans to push that number to 21, “with the long-term goal of having over 100.”
The project also wants stricter internal procedures, and it plans to launch more training courses for its employees to prepare them in case a similar incident occurs again.
“Ronin is now the gold standard when it comes to security. All code is being fully reviewed and optimized, with security experts looking at the entire architecture,” the organization emphasized.
Who Were the Hackers?
Ronin Network agreed with the FBI’s accusation that the leading North Korean cybercrime gang – “The Lazarus Group” – carried out the attack. The hackers were described as an “extremely resourceful and sophisticated” team involved in many similar assaults in recent months. In addition, Ronin thanked the US authorities for their help and for identifying the attackers.
The Ronin Network bridge was intended to reopen by the end of April, but the time frame has been pushed to mid/late May. In the meantime, the world’s largest crypto exchange – Binance – will support the network for both wETH and USDC withdrawals and deposits for Axie Infinity users:
“We initially expected to be able to deploy the upgrade by the end of April, but this is not a process that we can afford to rush. The bridge will secure billions of dollars in assets, and it needs to be done right. If all goes as planned, the bridge will reopen in mid/late May.”