Ronin Network – an Ethereum-linked sidechain – assured it identified the hackers related to last month’s $600M+ exploit, and all user funds are “in the process of being restored.” Additionally, the entity implemented enhanced security measures to prevent such attacks in the future.
More details about the hack
The project revealed that the cyberattack occurred on March 23 and was identified on March 29 by the Sky Mavis team. “We did not have a proper tracking system to monitor significant bridge exits, which is why the breach was not discovered immediately,” the entity explained on the delay.
The bad actors got control over five of the nine validator private keys – 4 Sky Mavis validators and 1 Axie DAO – and stole 173,600 ETH and 25.5 million worth of USDC. The criminals drained the crypto assets in two transactions as the total amount equaled around $620 million.
Ronin Network has revealed that the hackers managed to take control by compromising a Sky Mavis employee. After discovering the person’s connection to the incident, the organization fired that team member.
At the time of the hack, Sky Mavis controlled 4 out of 9 validators, which would not be enough to forge withdrawals. The validator key scheme is based on decentralization and restrains an attack vector. However, the wrongdoers found a “backdoor through the gas-free RPC node, which they abused to get the signature for the Axie DAO validator.”
Improve the security system
The company is committed to joining forces with top security experts, including CrowdStrike and Polaris Infosec, to prevent such attacks from happening again. It has also collaborated with other companies that should make sure hackers can’t break through the network’s defense.
Sky Mavis increased the amount of validating nodes on the Ronin Network – from nine to eleven. In the next three months, the organization plans to push that number to 21, “with the long-term goal of having over 100.”
The project also wants stricter internal procedures and plans to launch more training for its employees, preparing them to be ready if a similar case were to happen again.
“Ronin is now the gold standard when it comes to security. All code is being fully reviewed and optimized, with security experts looking at the entire architecture,” the organization emphasized.
Who were the pirates?
Ronin Network has accepted the FBI’s accusation that North Korea’s main cybercrime gang – “The Lazarus Group” – carried out the attack. The hackers were described as an “extremely resourceful and sophisticated” team involved in numerous similar attacks over the past few months. In addition, Ronin thanked the American authorities for the assistance rendered and the identification of the attackers.
The Ronin Network bridge intended to open by the end of April, but it will push the time frame until mid/late May. In the meantime, the world’s largest crypto exchange – Binance – will support the network for both wETH and USDC withdrawals and deposits for Axie Infinity users:
“We initially thought we could roll out the upgrade by the end of April, but it’s not a process we can afford to rush. The bridge will secure billions of dollars in assets, and it needs to be done right. If all goes as planned, the bridge will reopen in mid/late May.
