Plan for $1M bug bounties and double the nodes in wake of $600M Ronin hack

2 years ago

The Ronin Network and Sky Mavis are significantly upgrading their security measures after they vowed to ensure a hack “never happens again.”


The Ronin Network and Sky Mavis have vowed to upgrade their smart contracts, offer lucrative bug bounties and ramp up security following the $600 million hack late last month.

As Cointelegraph previously reported, the Ethereum sidechain developed for the popular NFT game Axie Infinity was the victim of an exploit for 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) worth more than $612 million at the time.

Earlier this month the Federal Bureau of Investigation (FBI) attributed the attack to North Korea-based and state-sponsored hacking group Lazarus, as it fired off a warning to other crypto and blockchain organizations.

Ronin announced its platform changes via a post-mortem report published yesterday, noting that all user funds are in the process of being restored as it vowed to make sure this “never happens again.”

We have put together a postmortem regarding the Ronin exploit that occurred on March 23rd.

• Why it happened
• What we're doing to make sure this never happens again
• Ronin bridge re-opening update https://t.co/FfwCtCG84E

— Ronin (@Ronin_Network) April 27, 2022

The hack run down

The hack was the result of a spear phishing attack on a former Sky Mavis employee (developers of Axie Infinity). The bad actor was able to leverage the employee’s credentials to access Sky Mavis’s 4 validator nodes out of a total of 9 in the Axie/Ronin ecosystem.

This by itself was not enough to do any damage, but “the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”

“This traces back to November 2021 when Sky Mavis requested help from the Axie DAO to distribute free transactions due to an immense user load. The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked,” the report reads.

Following the hack, major changes are being implemented at both Sky Mavis and the Ronin Network.
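The failure described above is a delegation that outlived its purpose and pushed one operator's signing reach past the quorum. The following is an added example, not code from Sky Mavis or the Ronin report: an audit over a validator inventory that flags both conditions. All names, the data model and the threshold of 5 are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Delegation:
    grantor: str                   # validator whose signature may be requested
    grantee: str                   # operator allowed to request it
    purpose_ended: Optional[date]  # when the arrangement stopped being needed
    revoked: bool                  # whether the access was actually removed

def signing_reach(validators, delegations):
    """Map each operator to every validator key it can obtain a signature from."""
    reach = {}
    for validator, operator in validators.items():
        reach.setdefault(operator, set()).add(validator)
    for d in delegations:
        if not d.revoked:  # a live allowlist entry extends the grantee's reach
            reach.setdefault(d.grantee, set()).add(d.grantor)
    return reach

def audit(validators, delegations, threshold, today):
    """Return findings for stale delegations and operators that reach quorum alone."""
    findings = []
    for d in delegations:
        if not d.revoked and d.purpose_ended and d.purpose_ended <= today:
            findings.append(("stale-delegation", d.grantor, d.grantee))
    for operator, keys in sorted(signing_reach(validators, delegations).items()):
        if len(keys) >= threshold:
            findings.append(("single-operator-quorum", operator, len(keys)))
    return findings

# Constructed inventory: 9 validators, 4 run by one operator, as in the report.
VALIDATORS = {f"sky-mavis-{i}": "sky-mavis" for i in range(1, 5)}
VALIDATORS["axie-dao"] = "axie-dao"
VALIDATORS.update({f"partner-{i}": f"partner-{i}" for i in range(1, 5)})
# Allowlist entry discontinued in December 2021 but never revoked (day is constructed).
DELEGATIONS = [Delegation("axie-dao", "sky-mavis", date(2021, 12, 1), revoked=False)]
THRESHOLD = 5  # assumption: the page only says four keys were not enough

if __name__ == "__main__":
    for finding in audit(VALIDATORS, DELEGATIONS, THRESHOLD, date(2022, 3, 23)):
        print(finding)
```

Counting only the keys an operator hosts would report 4 of 9 here and miss the quorum; the check has to include every signature the operator can request through a live delegation.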

Ronin

The Ronin Network hopes to have its bridge open again by mid to late May, with Binance providing support until then with withdrawal and deposit infrastructure for Axie users.

The team is about 80% done upgrading Ronin bridge smart contracts; they’ll be reworking the backend, migrating all pending withdrawals and launching a validator dashboard that “allows for approving large transactions and adding/removing new validators.”

“The Ronin Network bridge is currently being redesigned and will open once we are confident that it can stand the test of time. We initially expected to be able to deploy the upgrade by the end of April, but this is not a process that we can afford to rush.”


Sky Mavis

Sky Mavis will ramp up its security measures by seeking the help of “top tier security experts,” conducting contract audits and implementing stricter internal procedures such as training courses to “combat external threats.”

Notably, it will also be significantly upping its node count to help decentralize the project. Having already increased from 9 to 11, Sky Mavis intends to get that figure up to 21 within 3 months. Longer-term, the project is eyeing more than 100 nodes.

Sky Mavis will also be launching bug bounties of up to $1 million for any white hat hackers who are able to find further vulnerabilities.

“We recognize the importance and value of security researchers’ efforts in helping keep our community safe. Sky Mavis is offering bounties of up to $1 million to encourage responsible disclosure of security vulnerabilities.”
