Ronin, an Ethereum-linked sidechain, recently announced that the Ronin Bridge has successfully completed and passed two audits. The venture announced the development in a tweet from its official handle on Friday. According to Ronin, the audits cover both internal and external audits led by a popular security research lab known as Verichains.
Ronin, however, says it has commenced a second external audit stage in a bid to satisfy gold-standard security. As revealed, Certik, a security-focused venture, will lead the second external audit stage, and its processes will take 15 days. Afterward, operations on the Ronin bridge are expected to commence in June, provided the second audit comes out well.
Recall that last month, the Ronin bridge disclosed a blueprint laying down actions intended to strengthen Ronin’s security now and in the future. Aspects of the audit include a Ronin audit and, in particular, a Ronin bridge audit. As revealed last month, the Ronin team is upgrading the smart contracts. The team intends to reshape the backend, moving all pending withdrawals on the network. The upgrade will also see the launch of a validator dashboard, which helps with large transactions and with adding and removing validators. As things stand, the network has the support of Binance, a crypto exchange that is providing withdrawal and deposit support for Axie users until then.
The exploitation of the Ronin bridge and how it manifested
A report in March confirmed the Axie Infinity hack on the Ronin network. The exploit led to the loss of 173,600 ether and $25.5 million USDC. The current value of the aggregate loss stands at about $625 million. In April, the Federal Bureau of Investigation linked Lazarus, a state-sponsored hacking team in North Korea, to the hack. In its report, the FBI advised all crypto exchanges and blockchain firms to upgrade their security measures.
According to the post-mortem report released by Ronin, the genesis of the security breach can be traced to November 2021. As revealed, the risk began when Sky Mavis demanded that the Axie DAO transfer free transactions owing to a large user load. The Axie DAO therefore whitelisted Sky Mavis to endorse various transactions on its behalf until December 2021. Unfortunately, after the termination of the deal, the network failed to revoke the access it had permitted.
The post-mortem further states that this access was obtained through a malicious spoofing of a former Sky Mavis employee. After spoofing the individual, the hackers capitalized on the details to access 4 of the 9 validator nodes. The report also confirmed that the hackers gained entry via the network's gas-free RPC node.