Over a month later, a clearer picture of the colossal security failure in Sky Mavis’ Ronin network is finally emerging. The compromise of Sky Mavis’ Ronin validator nodes and the Axie DAO validator node resulted in over $600 million being stolen from the Ronin Bridge. Now Axie Infinity’s home network has released a full post-mortem of the incident, detailing exactly what happened.
Ronin Network explains the factors behind historical security breaches
The 173,600 ETH and 25.5M USDC heist on the Ronin network is one of the largest security breaches in DeFi’s short history. Needless to say, Ronin Network is under tremendous pressure, not only to rectify the situation for its users but also to restore public confidence.
To that end, Ronin Network’s security breach post-mortem walks through everything that happened and the changes the team is making to improve its security.
The first point Ronin Network addresses in its post-mortem is why the breach took so long to detect. To clarify, while the hack happened on March 23rd, the Sky Mavis team didn’t notice it until March 29th, six days later.
Remarkably, Ronin admits that this was possible because it “…did not have a proper tracking system to monitor large outflows from the bridge”. As a result, it notes that transactions of this magnitude will require “human interaction” on its new Ronin Bridge.
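The control Ronin says it lacked is a simple one to state: watch bridge withdrawals and hold anything unusually large for a human. The following Python is an added example, not Ronin’s code, of what such a monitor looks like. It holds any single withdrawal above a per-token limit and also holds withdrawals that push the rolling outflow over a cap, so splitting a drain into many mid-sized transfers does not evade the check. The thresholds, window size, token policy and withdrawal events are all constructed for illustration.

```python
"""Large-outflow monitor for a bridge, as an added example (not Ronin's code).

Holds any single withdrawal above a per-token limit, and any withdrawal that
pushes the rolling outflow over a cap. Thresholds, window and events are
constructed for illustration.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Withdrawal:
    block: int      # block in which the withdrawal was finalised
    token: str      # asset symbol
    amount: float   # amount in whole token units
    to: str         # recipient (constructed placeholder)


# Per-token policy (constructed numbers): one withdrawal above SINGLE_LIMIT, or
# a rolling-window total above WINDOW_CAP, is held for human sign-off.
SINGLE_LIMIT = {"ETH": 1_000.0, "USDC": 1_000_000.0}
WINDOW_CAP = {"ETH": 5_000.0, "USDC": 5_000_000.0}
WINDOW_BLOCKS = 7_200   # roughly one day at ~12 s per block (assumption)


def review_withdrawals(events):
    """Return [(event, reason)] for every withdrawal that must wait for a human."""
    held = []
    recent = {token: deque() for token in SINGLE_LIMIT}
    for ev in sorted(events, key=lambda e: e.block):
        if ev.token not in SINGLE_LIMIT:
            held.append((ev, "no policy for token"))   # fail closed on unknown assets
            continue
        window = recent[ev.token]
        # Expire entries that have fallen out of the rolling window.
        while window and ev.block - window[0].block > WINDOW_BLOCKS:
            window.popleft()
        window.append(ev)
        total = sum(e.amount for e in window)
        if ev.amount > SINGLE_LIMIT[ev.token]:
            held.append((ev, f"single withdrawal of {ev.amount:g} {ev.token} over limit"))
        elif total > WINDOW_CAP[ev.token]:
            held.append((ev, f"rolling {ev.token} outflow {total:g} over cap"))
    return held


# Constructed event stream: routine traffic, two outsized withdrawals, then six
# withdrawals each just under the single limit that together exceed the cap.
SAMPLE_EVENTS = [
    Withdrawal(100, "ETH", 12.5, "0xuser1"),
    Withdrawal(150, "USDC", 40_000.0, "0xuser2"),
    Withdrawal(200, "ETH", 173_600.0, "0xdrain"),
    Withdrawal(201, "USDC", 25_500_000.0, "0xdrain"),
] + [Withdrawal(20_000 + 10 * i, "ETH", 900.0, "0xsplit") for i in range(6)]


if __name__ == "__main__":
    for ev, reason in review_withdrawals(SAMPLE_EVENTS):
        print(f"HOLD block {ev.block}: {reason}")
```

The two outsized withdrawals are held on the per-transaction rule, and the sixth of the 900 ETH withdrawals is held because the day’s total crosses the cap. In a real deployment the hold would pause the bridge’s release of funds rather than just print a line, and the policy numbers would be tuned to the bridge’s normal traffic.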
Next, the post-mortem explains how a (now former) employee was compromised through what it describes as an advanced spear-phishing attack. From that foothold the attackers penetrated Sky Mavis’ IT infrastructure and gained access to the four validator nodes the company ran.
An oversight allowed hackers to take control of more than half of the Ronin validation nodes
The second failure concerns the Axie DAO validator. To explain: back in November 2021, Sky Mavis asked the Axie DAO to help distribute free transactions, due to the high user load at the time. In response, the Axie DAO allowlisted Sky Mavis to sign transactions on its behalf.
The fatal error came when that arrangement ended in December 2021: Sky Mavis’ entry on the allowlist was never revoked.
Because of that oversight, the attackers were able to use Sky Mavis’ gasless RPC node to obtain the Axie DAO validator’s signature. Together with the four Sky Mavis validators they already controlled, that gave them five of the nine Ronin validators, the threshold needed to approve a withdrawal, and let them complete the attack.
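The mechanism above is easy to model: a threshold signature scheme where one validator has delegated signing to another operator through an allowlist. The following Python is an added example and not the Ronin bridge’s code; it replays the scenario with HMAC standing in for the validators’ real signatures, and shows that the same compromised operator keys clear the 5-of-9 threshold when the stale delegation is still in place but fall short once it is revoked or has expired. Validator names, keys, block numbers and the withdrawal message are all constructed.

```python
"""Threshold-signature bridge with a delegated-signing allowlist (added example).

Models the failure described in the post-mortem: a 5-of-9 validator set where
one validator delegated its signing to another operator via an allowlist that
was never revoked. Names, keys and block numbers are constructed; HMAC stands
in for the real ECDSA signatures.
"""
from __future__ import annotations

import hashlib
import hmac
import secrets

THRESHOLD = 5
MESSAGE = b"withdraw 173600 ETH to 0xattacker"   # constructed withdrawal request


def sign(key: bytes, msg: bytes) -> bytes:
    """Toy signature: HMAC-SHA256 under the validator's secret key (stand-in for ECDSA)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


class Validator:
    def __init__(self, name: str):
        self.name = name
        self.key = secrets.token_bytes(32)
        # Allowlist: operator name -> block after which the delegation expires.
        # None means it never expires, which is the unsafe default modelled here.
        self.allowlist: dict[str, int | None] = {}

    def allow(self, operator: str, expires_at: int | None = None) -> None:
        self.allowlist[operator] = expires_at

    def revoke(self, operator: str) -> None:
        self.allowlist.pop(operator, None)

    def gasless_rpc_sign(self, operator: str, msg: bytes, current_block: int) -> bytes | None:
        """Sign msg on behalf of this validator if `operator` is still allowlisted."""
        if operator not in self.allowlist:
            return None
        expires_at = self.allowlist[operator]
        if expires_at is not None and current_block > expires_at:
            return None
        return sign(self.key, msg)


class Bridge:
    def __init__(self, validators: list[Validator]):
        self.validators = {v.name: v for v in validators}

    def verify(self, msg: bytes, sigs: dict[str, bytes]) -> bool:
        """Accept when at least THRESHOLD distinct validators produced a valid signature."""
        valid = 0
        for name, sig in sigs.items():
            v = self.validators.get(name)
            if v is not None and hmac.compare_digest(sig, sign(v.key, msg)):
                valid += 1
        return valid >= THRESHOLD


def simulate(revoked: bool, delegation_expiry: int | None, current_block: int = 20_000) -> bool:
    """Replay the attack: the attacker holds the four Sky Mavis validator keys and can
    reach the Sky Mavis RPC; returns whether the forged withdrawal clears the threshold."""
    skymavis = [Validator(f"skymavis-{i}") for i in range(4)]
    axie_dao = Validator("axie-dao")
    independent = [Validator(f"independent-{i}") for i in range(4)]
    bridge = Bridge(skymavis + [axie_dao] + independent)

    # Delegation granted during the load spike ...
    axie_dao.allow("skymavis", expires_at=delegation_expiry)
    # ... and either cleaned up when the arrangement ended, or not.
    if revoked:
        axie_dao.revoke("skymavis")

    # Four signatures from the compromised Sky Mavis validators ...
    sigs = {v.name: sign(v.key, MESSAGE) for v in skymavis}
    # ... plus, via the gasless RPC, the DAO validator's signature if still allowlisted.
    dao_sig = axie_dao.gasless_rpc_sign("skymavis", MESSAGE, current_block)
    if dao_sig is not None:
        sigs[axie_dao.name] = dao_sig
    return bridge.verify(MESSAGE, sigs)


if __name__ == "__main__":
    print("stale allowlist, never revoked:", simulate(revoked=False, delegation_expiry=None))
    print("allowlist revoked:             ", simulate(revoked=True, delegation_expiry=None))
    print("delegation expired:            ", simulate(revoked=False, delegation_expiry=10_000))
```

The first call succeeds with five valid signatures; the second and third stop at four. The practical lesson is in the third case: a delegation that carries its own expiry fails safe even when nobody remembers to revoke it, so temporary signing grants should always be time-bound and the allowlist should be audited as part of offboarding any arrangement that granted them.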
What is Ronin doing about the security breach?
First, Ronin has added more validator nodes to make a similar takeover harder. It also moved quickly to assure users that they would be compensated. The post-mortem also includes details of the Ronin Network’s new security roadmap. Some of the items on the roadmap are:
- Continuous collaboration with top-level security experts to guard against persistent threats.
- Increasing the number of validator nodes in the Ronin network.
- Implementing stricter internal procedures.
- Starting a bug bounty program.
All in all, this Ronin Network security breach is the worst pain point in what has been a very challenging year for Axie Infinity’s creator, Sky Mavis. 2022 has been a stark contrast to 2021, when Sky Mavis’ Axie Infinity was arguably the first successful blockchain game. In any case, Sky Mavis and its supporters are doing everything they can to emerge from the enormous setback on a positive note.
It’s also worth noting that the attackers were far from your average hacker. At the time of the security breach, no one knew who had actually hacked the Ronin network. The US Treasury and FBI later attributed the attack to the Lazarus Group, a state-sponsored North Korean hacking group.
You can read Ronin Network’s full post-mortem here.