Ronin network and Sky Mavis recently announced plans to upgrade their smart contracts as one of the measures aimed at preventing a repeat of last month's security breach, which led to a loss of about $600 million. The ventures also pledged to offer large bug bounties and to put other necessary measures in place to secure their platforms.
Ronin network confirmed the start of the upgrade in a post-mortem report published last Wednesday. With this development, all user funds are restored, and the network insisted that such a breach will never occur on its platform again.
A report in March confirmed that the Axie Infinity hack on the Ronin network amounted to a loss of 173,600 ether and $25.5 million in USDC. The current value of the losses, however, amounts to more than $625 million. In April, the Federal Bureau of Investigation linked Lazarus, a state-sponsored hacking team in North Korea, to the hack. In its report, the FBI advised all crypto exchanges and blockchain firms to improve their security measures.
How the Ronin network security breach happened
The breach on the Ronin network began with the malicious spoofing of a former Sky Mavis employee. According to the report, the attacker used details obtained through that individual to access 4 of the 9 validator nodes. This took place within the Axie/Ronin ecosystem.
The attacker then needed to go further to gain full access to Axie Infinity, developed by Sky Mavis. To do so, the attacker found an entry point through the network's gas-free RPC node and used that weak link to obtain a signature for the Axie DAO validator.
The published post-mortem report traced the origin of the breach to November 2021. According to the report, it started when Sky Mavis asked Axie DAO to relay free transactions owing to the large user load. Axie DAO consequently whitelisted Sky Mavis to approve various transactions on its behalf until December 2021. Although the arrangement was discontinued, the whitelisted access was not revoked, according to the report.
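The lingering access described above can be expressed as an audit, shown here as an added example that is not from the article or from Sky Mavis: it counts how many validators each party can sign for, directly or through an unrevoked delegation, and flags any party that alone reaches the approval threshold. The validator and operator names, dates and record layout are constructed, and the threshold of 5 is an assumption the article does not state.

```python
from datetime import date

THRESHOLD = 5  # assumption: approvals needed for a withdrawal; the article does not state it

# Constructed data: validator -> operator. The 4-of-9 split follows the article; names are hypothetical.
VALIDATORS = {f"v{i}": "sky-mavis" for i in range(1, 5)}
VALIDATORS["v5"] = "axie-dao"
VALIDATORS.update({f"v{i}": f"operator-{i}" for i in range(6, 10)})

# Constructed delegation record: Axie DAO lets Sky Mavis sign on its behalf.
DELEGATIONS = [
    {"validator": "v5", "delegate": "sky-mavis",
     "agreed_end": date(2021, 12, 31), "revoked": False},
]

def stale_delegations(delegations, today):
    """Delegations whose agreement has ended but whose access was never revoked."""
    return [d for d in delegations if not d["revoked"] and d["agreed_end"] < today]

def effective_control(validators, delegations):
    """Count the validators each party can sign for, directly or via a live delegation."""
    control = {}
    for validator, operator in validators.items():
        control.setdefault(operator, set()).add(validator)
    for d in delegations:
        if not d["revoked"]:  # access lasts until revoked, whatever the agreement says
            control.setdefault(d["delegate"], set()).add(d["validator"])
    return {party: len(vs) for party, vs in control.items()}

def parties_at_threshold(validators, delegations, threshold=THRESHOLD):
    """Parties whose compromise alone would yield enough signatures."""
    counts = effective_control(validators, delegations)
    return {p: n for p, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    today = date(2022, 3, 1)  # constructed audit date
    print("stale:", stale_delegations(DELEGATIONS, today))
    print("at threshold:", parties_at_threshold(VALIDATORS, DELEGATIONS))
    revoked = [dict(d, revoked=True) for d in DELEGATIONS]
    print("after revocation:", parties_at_threshold(VALIDATORS, revoked))
```

With the delegation still live, one party holds five signing positions; once it is revoked, no single party reaches the threshold.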
How Ronin intends to strengthen its security
The hack has forced Sky Mavis and Ronin network to improve their platforms. Ronin network plans to reopen its bridge by mid or late May. Until then, Binance, a leading crypto exchange, is supporting withdrawals and deposits for Axie users.
At press time, the team is 80% of the way to completing the upgrade of the smart contracts. The team intends to rework the backend, moving all pending withdrawals on the network. The upgrade will also launch a validator dashboard for handling large transactions and for adding and removing validators.
How Sky Mavis intends to improve its security framework
Sky Mavis intends to improve its security framework, particularly by hiring top security experts. The platform also vows to initiate contract audits and enforce strict internal measures, including training programmes to tackle external threats. In addition, the venture plans to greatly increase its node count to decentralize the platform. As of press time, the node count has already increased from 9 to 11.
The venture plans to raise the number to 21 within three months, with a longer-term goal of 100 nodes. Sky Mavis also announced plans to offer large bounties of over $1 million for the identification of vulnerabilities, with the aim of encouraging security researchers to help keep the platform safe.