More than a month later, a clearer picture of the colossal security flaw in Sky Mavis’ Ronin network is finally emerging. The major hack of Sky Mavis Ronin validator nodes and Axie DAO validator nodes led to the theft of over $600 million from the Ronin Bridge. Now, Axie Infinity’s home network has released a full post-mortem on the incident, detailing exactly what happened.
Ronin Network Explains Factors Behind Historic Security Breach
The heist of 73,600 ETH and 25.5 million USDC from the Ronin network is one of the biggest security breaches in DeFi’s short history. Needless to say, Ronin Network is under immense pressure, not only to rectify the situation for its users but also to rebuild public trust.
To that end, the Ronin Network post-mortem goes over everything that happened and the changes the team is making to tighten its security.
The first point Ronin Network addresses in its post-mortem is why it took so long to identify the security flaw in the first place. To clarify, while the hack happened on March 23, the Sky Mavis team didn’t realize it until March 29.
Surprisingly, Ronin admits this was possible because it “…didn’t have a proper tracking system to monitor the large flows from the bridge.” As a result, it notes that transactions of this size will require “human interaction” on its new Ronin bridge.
Next, the post-mortem explains how a (now former) employee was compromised by what it calls an “advanced spear phishing attack.” This is how the hackers were able to breach Sky Mavis’ IT systems and gain access to the validator nodes.
An oversight allowed hackers to take control of more than half of the Ronin validator nodes
The next major error from Sky Mavis concerns the Axie DAO validator. To explain, in November 2021, Sky Mavis asked Axie DAO to help distribute free transactions. This was due to a high user load at the time. In response, the Axie DAO authorized Sky Mavis to sign transactions on its behalf.
The fatal error occurred when this arrangement ended in December 2021. At that time, the allowlist access that let Sky Mavis sign transactions on the Axie DAO's behalf was not revoked.
Due to the oversight, hackers were able to use Sky Mavis’ gasless RPC to obtain the Axie DAO validator’s signature. By doing so, the attackers took control of five of the nine Ronin network validators, the number needed to approve the withdrawals and complete the attack.
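The oversight described above is the kind of thing a periodic audit of signing permissions can surface. The following Python example is added here and is not from the Ronin post-mortem or Sky Mavis; it counts how many validator signatures each party can produce, including through unrevoked delegations, against the 5/9 quorum. Validator names, the four-validator Sky Mavis layout, the other operators and the exact grant end date are constructed sample data.

```python
from datetime import date

THRESHOLD = 5  # signatures needed out of nine validators (the page's 5/9)

# Constructed sample data: validator -> operating party (names are assumptions).
VALIDATORS = {f"skymavis-{i}": "Sky Mavis" for i in range(1, 5)}
VALIDATORS.update({"axie-dao": "Axie DAO", "partner-a": "Partner A",
                   "partner-b": "Partner B", "partner-c": "Partner C",
                   "partner-d": "Partner D"})

# Constructed delegation record: Axie DAO lets Sky Mavis sign on its behalf.
# The arrangement ended in December 2021; the exact day is assumed.
GRANTS = [{"validator": "axie-dao", "delegate": "Sky Mavis",
           "agreed_end": date(2021, 12, 31), "revoked_on": None}]


def stale_grants(grants, today):
    """Grants whose agreed end date has passed but that were never revoked."""
    return [g for g in grants
            if g["revoked_on"] is None and g["agreed_end"] < today]


def effective_control(validators, grants, today):
    """Map each party to the validators it can sign for on `today`:
    the ones it operates plus any delegation not yet revoked."""
    control = {}
    for validator, owner in validators.items():
        control.setdefault(owner, set()).add(validator)
    for g in grants:
        if g["revoked_on"] is None or g["revoked_on"] > today:
            control.setdefault(g["delegate"], set()).add(g["validator"])
    return control


def quorum_risks(validators, grants, today, threshold=THRESHOLD):
    """Parties whose compromise alone would yield a signing quorum."""
    control = effective_control(validators, grants, today)
    return {party: sorted(vals) for party, vals in control.items()
            if len(vals) >= threshold}


if __name__ == "__main__":
    day = date(2022, 3, 23)  # date of the hack given on the page
    print("stale grants:", stale_grants(GRANTS, day))
    print("single-party quorum:", quorum_risks(VALIDATORS, GRANTS, day))
```

Run against the sample data, the audit reports one stale grant and shows that a single party reaches quorum only because that grant is still active.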
What is Ronin doing about the security breach?
First, Ronin decided to add more validator nodes to avoid any similar security flaws. It also acted quickly to assure users that they would be compensated. The post-mortem also includes details on the new Ronin network security roadmap. Some of the roadmap points include:
- Continuously work with leading security experts to prevent persistent threats.
- Increase the number of validator nodes on the Ronin network.
- Implement stricter internal procedures.
- Launch a bug bounty.
All things considered, this Ronin Network security breach is the worst pain point in what has been a very difficult year for Axie Infinity creators Sky Mavis. 2022 was a stark contrast to 2021. After all, last year Sky Mavis’ Axie Infinity became arguably the first successful blockchain game. In any case, Sky Mavis and its backers are doing all they can to move on from the huge setback.
It should also be noted that the attackers were far from your average hacker. At the time of the security breach, no one knew who had actually hacked into the Ronin network. However, it later emerged that a state-sponsored North Korean hacking group, Lazarus Group, had carried out the attack.
You can read Ronin Network’s full post-mortem here.