NFT Evening

    The Axie Infinity Ronin Network Security Breach: What Really Happened?

    By Ola | April 27, 2022 | 4 Mins Read

    Over a month later, a clearer picture of the colossal security breach of Sky Mavis’ Ronin Network is finally emerging. The major hack of Sky Mavis’ Ronin validator nodes and the Axie DAO validator nodes led to over $600 million being stolen from the Ronin Bridge. Now the home network of Axie Infinity has put out a full post-mortem on the incident, detailing exactly what happened.

    Characters from the centerpiece of the Ronin Network, Axie Infinity
    Ronin Network, home of top P2E game Axie Infinity, has published a post-mortem of the record-breaking hack it suffered last month. Credit: Axie Infinity

    Ronin Network explains the factors behind historic security breach

    The 73,600 ETH and 25.5M USDC heist of the Ronin Network is one of the biggest security breaches in the short history of DeFi. Needless to say, Ronin Network is facing immense pressure, not only to rectify the situation for its users but also to rebuild public trust.

    To that end, Ronin Network’s post-mortem goes through everything that happened and the changes the team is making to boost its security.

    The first point that Ronin Network addresses in its post-mortem is why it took so long to identify the security breach in the first place. To clarify, while the hack happened on March 23, the Sky Mavis team didn’t realize it until March 29.

    Astoundingly, Ronin admits that this was possible because it “…didn’t have a proper tracking system for monitoring large outflows from the bridge”. As a result, it notes that transactions of that size will require “human interaction” on its new Ronin bridge.
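    The control described above, sketched as an added example (not code from Ronin Network or from this article): a withdrawal monitor that holds large outflows for human approval. The thresholds, the `Withdrawal` record and the sample events are assumptions constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

# Assumed policy values; the post-mortem quoted in the article gives no figures.
PER_TX_LIMIT_USD = 1_000_000      # any single withdrawal above this is held
WINDOW_LIMIT_USD = 5_000_000      # cumulative released outflow allowed per window
WINDOW_SECONDS = 24 * 3600

@dataclass
class Withdrawal:
    ts: int            # unix seconds
    tx_id: str
    usd_value: float

def review_outflows(withdrawals):
    """Return {tx_id: reason} for withdrawals that must wait for human approval."""
    held = {}
    window = deque()   # (ts, usd) of released withdrawals still inside the window
    window_total = 0.0
    for w in sorted(withdrawals, key=lambda w: w.ts):
        # Drop released withdrawals that have aged out of the rolling window.
        while window and window[0][0] <= w.ts - WINDOW_SECONDS:
            window_total -= window.popleft()[1]
        if w.usd_value > PER_TX_LIMIT_USD:
            held[w.tx_id] = "single withdrawal above per-transaction limit"
        elif window_total + w.usd_value > WINDOW_LIMIT_USD:
            # Catches a drain made of many mid-size withdrawals.
            held[w.tx_id] = "rolling 24h outflow above window limit"
        else:
            window.append((w.ts, w.usd_value))
            window_total += w.usd_value
    return held

# Constructed sample events (not real bridge data).
SAMPLE = [
    Withdrawal(0, "w1", 40_000),
    Withdrawal(3_600, "w2", 900_000),
    Withdrawal(7_200, "w3", 250_000_000),
    Withdrawal(7_300, "w4", 900_000),
    Withdrawal(7_400, "w5", 900_000),
    Withdrawal(7_500, "w6", 900_000),
    Withdrawal(7_600, "w7", 900_000),
    Withdrawal(7_700, "w8", 900_000),
    Withdrawal(7_800, "w9", 900_000),
    Withdrawal(100_000, "w10", 900_000),
]

if __name__ == "__main__":
    for tx_id, reason in review_outflows(SAMPLE).items():
        print(f"HOLD {tx_id}: {reason}")
```

    Held withdrawals do not count toward the window total, so a blocked transfer cannot starve ordinary users of their allowance.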

    Next, the post-mortem explains how a (now-former) employee was compromised by what it calls an “advanced spear-phishing attack”. That is how the hackers were able to breach Sky Mavis’ IT security and access the validator nodes.

    graphic showing Ronin Network elements including Axie Infinity
    Most activity on the Ronin Network stems from the blockbuster NFT game, Axie Infinity. Credit: Ronin Network

    An oversight allowed hackers to take control of more than half of the Ronin validator nodes

    The next major blunder on Sky Mavis’ part relates to the Axie DAO validator. To explain, back in November 2021 Sky Mavis asked the Axie DAO to help distribute free transactions. This was due to a high user load at the time. In response, the Axie DAO allowed Sky Mavis to sign transactions on its behalf.

    The fatal error came when this arrangement ended in December 2021. At that time, the allowlist access enabling Sky Mavis to sign transactions was not revoked.

    Because of this oversight, the hackers were able to use Sky Mavis’ gas-free RPC to obtain the signature from the Axie DAO validator. In doing so, they took control of 5/9 Ronin Network validators, which was necessary to make the withdrawal and complete the attack.
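    An added example (not from the article or from Ronin Network) of the audit that would have surfaced this oversight: count every validator signature a party can obtain, including through allowlist grants that outlived their purpose. The inventory is constructed; the operator split and the "Partner N" names are assumptions, since the article states only the 5/9 figure.

```python
THRESHOLD = 5  # from the article: 5 of 9 validators were needed for the withdrawal

# Constructed inventory. Operator split and partner names are assumptions.
VALIDATORS = {f"sky-mavis-{i}": "Sky Mavis" for i in range(1, 5)}
VALIDATORS["axie-dao"] = "Axie DAO"
VALIDATORS.update({f"partner-{i}": f"Partner {i}" for i in range(1, 5)})

# Allowlist entries: `validator` signs requests relayed by `grantee`.
# `ended` is the (year, month) the underlying arrangement stopped, or None.
GRANTS = [
    {"validator": "axie-dao", "grantee": "Sky Mavis",
     "purpose": "free transaction distribution", "ended": (2021, 12)},
]

def stale_grants(grants, as_of):
    """Entries still on the allowlist although their arrangement has ended."""
    return [g for g in grants if g["ended"] is not None and g["ended"] <= as_of]

def effective_control(validators, grants):
    """Map each party to the validators whose signature it can obtain."""
    control = {}
    for validator, operator in validators.items():
        control.setdefault(operator, set()).add(validator)
    # A grant counts for as long as it is on the allowlist, ended or not.
    for g in grants:
        control.setdefault(g["grantee"], set()).add(g["validator"])
    return control

def quorum_risks(validators, grants, threshold=THRESHOLD):
    """Parties whose compromise alone would yield a signing quorum."""
    return {party: sorted(vs)
            for party, vs in effective_control(validators, grants).items()
            if len(vs) >= threshold}

def revoke_stale(grants, as_of):
    """Allowlist with every ended arrangement removed."""
    stale = stale_grants(grants, as_of)
    return [g for g in grants if g not in stale]

if __name__ == "__main__":
    as_of = (2022, 3)
    print("stale:", stale_grants(GRANTS, as_of))
    print("before revocation:", quorum_risks(VALIDATORS, GRANTS))
    print("after revocation:", quorum_risks(VALIDATORS, revoke_stale(GRANTS, as_of)))
```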

    "securing Ronin" response graphic to Ronin Network security breach
    The team behind Ronin Network is working to make sure it never suffers another security breach. Credit: Ronin Network

    What is Ronin doing about the security breach?

    Firstly, Ronin moved to add more validator nodes to prevent any similar security breaches. It also acted quickly to assure users that they would be compensated. The post-mortem also includes details on the Ronin Network’s new security roadmap. Some of the points on the roadmap include:

    • Continuously working with top-tier security experts to avoid lingering threats
    • Increasing the number of validating nodes on Ronin Network
    • Implementing stricter internal procedures
    • Launching a bug bounty

    All things considered, this security breach of the Ronin Network is the worst pain point in what has been a very challenging year for Axie Infinity creator Sky Mavis. 2022 has been a stark contrast to 2021. After all, last year was when Sky Mavis’ Axie Infinity became arguably the first smash-hit blockchain game. In any case, Sky Mavis and its backers are doing everything they can to move on positively from the enormous setback.

    It’s also worth noting that the attackers were far from your average hacker. Around the time of the security breach, nobody knew who actually hacked the Ronin Network. However, it later came out that a state-sponsored North Korean hacker group, Lazarus Group, carried out the attack.

    You can read the full post-mortem from Ronin Network here.


    Ola

      Ola is a US-based writer and digital nomad. He loves thinking, learning, and writing about all things Web3, particularly its impact on major creative industries.
