Over a month later, a clearer picture of the colossal security breach of Sky Mavis’ Ronin Network is finally emerging. The major hack of Sky Mavis’ Ronin validator nodes and the Axie DAO validator nodes led to over $600 million being stolen from the Ronin Bridge. Now the home network of Axie Infinity has put out a full post-mortem on the incident, detailing exactly what happened.
Ronin Network explains the factors behind historic security breach
The 73,600 ETH and 25.5M USDC heist of the Ronin Network is one of the biggest security breaches in the short history of DeFi. Needless to say, Ronin Network is facing immense pressure, not only to rectify the situation for its users but also to rebuild public trust.
To that end, Ronin Network’s security breach postmortem goes through everything that happened, and the changes the team is making to boost its security.
The first point that Ronin Network addresses in its post-mortem is why it took so long to identify the security breach in the first place. To clarify, while the hack happened on March 23, the Sky Mavis team didn’t realize it until March 29.
Astoundingly, Ronin admits that this was possible because it “…didn’t have a proper tracking system for monitoring large outflows from the bridge”. As a result, it notes that transactions of that size will require “human interaction” on its new Ronin bridge.
Next, the post-mortem explains how a (now-former) employee was compromised by what it calls an “advanced spear-phishing attack”. That is how the hackers were able to breach Sky Mavis’ IT security and access the validator nodes.
An oversight allowed hackers to take control of more than half of the Ronin validator nodes
The next major blunder on Sky Mavis’ part relates to the Axie DAO validator. To explain, back in November 2021 Sky Mavis asked the Axie DAO to help distribute free transactions. This was due to a high user load at the time. In response, the Axie DAO allowed Sky Mavis to sign transactions on its behalf.
The fatal error came when this arrangement ended in December 2021. At that time, the allowlist access enabling Sky Mavis to sign transactions was not revoked.
Due to the oversight, the hackers were able to use Sky Mavis’ gas-free RPC to get the signature from the Axie DAO validator. In so doing, the hackers were able to take control of 5/9 Ronin Network validators. That was necessary to make the withdrawal and complete the attack.
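The lesson from the stale allowlist entry can be turned into a routine check. The Python below is an added example, not code from Ronin's post-mortem or from Sky Mavis: it audits signing delegations against the 5-of-9 threshold and flags grants that outlived their arrangement. The validator and operator names, the 4+1+4 split and the exact dates are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

THRESHOLD = 5  # signatures required out of 9 validators, per the post-mortem

@dataclass(frozen=True)
class Grant:
    validator: str               # validator whose signature can be requested
    grantee: str                 # operator allowed to request it
    intended_end: date           # when the arrangement was meant to end
    revoked_on: Optional[date]   # None means the allowlist entry is still live

    def live(self, today: date) -> bool:
        return self.revoked_on is None or self.revoked_on > today

def signing_reach(validators, grants, today):
    """Operator -> validators whose signatures that operator can obtain today."""
    reach = {}
    for validator, operator in validators.items():
        reach.setdefault(operator, set()).add(validator)
    for g in grants:
        if g.live(today):
            reach.setdefault(g.grantee, set()).add(g.validator)
    return reach

def audit(validators, grants, today, threshold=THRESHOLD):
    """Flag grants that outlived their purpose and operators at/over threshold."""
    findings = [("STALE_GRANT", g.grantee, g.validator)
                for g in grants if g.live(today) and g.intended_end < today]
    reach = signing_reach(validators, grants, today)
    findings += [("THRESHOLD_REACHED", op, len(reach[op]))
                 for op in sorted(reach) if len(reach[op]) >= threshold]
    return findings

# Constructed sample data: names and the 4+1+4 split are assumptions.
VALIDATORS = {f"sm-{i}": "sky-mavis" for i in range(1, 5)}
VALIDATORS["axie-dao-1"] = "axie-dao"
VALIDATORS.update({f"ext-{i}": f"partner-{i}" for i in range(1, 5)})
# Arrangement ended December 2021 (exact day constructed) but was never revoked.
GRANTS = [Grant("axie-dao-1", "sky-mavis", date(2021, 12, 31), None)]

if __name__ == "__main__":
    for finding in audit(VALIDATORS, GRANTS, today=date(2022, 3, 23)):
        print(finding)
```

With the grant revoked when the arrangement ended, the same audit returns no findings, because no single operator's compromise reaches the signing threshold.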
What is Ronin doing about the security breach?
Firstly, Ronin moved to add more validator nodes to prevent any similar security breaches. It also acted quickly to assure users that they would be compensated. The postmortem also includes details on the Ronin Network’s new security roadmap. Some of the points on the roadmap include:
- Continuously working with top-tier security experts to avoid lingering threats.
- Increasing the number of validator nodes on Ronin Network
- Implementing stricter internal procedures
- Launching a bug bounty
All things considered, this security breach of the Ronin Network is the worst pain point in what has been a very challenging year for Axie Infinity creators, Sky Mavis. 2022 has been a stark contrast to 2021. After all, last year was when Sky Mavis’ Axie Infinity became arguably the first smash-hit blockchain game. In any case, Sky Mavis and its backers are doing everything they can to move on positively from the enormous setback.
It’s also worth noting that the attackers were far from your average hacker. Around the time of the security breach, nobody knew who actually hacked the Ronin Network. However, it later came out that a state-sponsored North Korean hacker group, Lazarus Group, carried out the attack.
You can read the full post-mortem from Ronin Network here.