The Ronin Network and Sky Mavis have vowed to upgrade their smart contracts, offer lucrative bug bounties and ramp up security following the $600 million hack late last month.
As Cointelegraph previously reported, the Ethereum sidechain developed for the popular NFT game Axie Infinity was the victim of an exploit for 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) worth more than $612 million at the time.
Earlier this month the Federal Bureau of Investigation (FBI) attributed the attack to North Korea-based and state-sponsored hacking group Lazurus, as it fired off a warning to other crypto and blockchain organizations.
Ronin announced its platform changes via a post-mortem report published yesterday, noting that all user funds are in the process of being restored as it vowed to make sure this “never happens again.”
We have put together a postmortem regarding the Ronin exploit that occurred on March 23rd.• Why it happened• What we're doing to make sure this never happens again• Ronin bridge re-opening updatehttps://t.co/FfwCtCG84E
The hack was the result of a spear phishing attack on a former Sky Mavis employee (developers of Axie Infinity). The bad actor was able to leverage the employee’s credentials to access Sky Mavis’s four validator nodes out of a total of nine in the Axie/Ronin ecosystem.
This by itself was not enough to do any damage, but “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
“This traces back to November 2021 when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in
Read more on cointelegraph.com