Wed, 13 Apr 2022 08:19:23 +0000
The popular blockchain game Axie Infinity has been left shaking after the $650 million Ronin bridge hack. The studio behind the game, Sky Mavis, has been taking multiple measures to try to secure the network and win back the confidence of users. The latest move announced is a $1 million bug bounty program that invites white hat hackers to stress test the blockchain.
The Co-Founder and COO of Sky Mavis and Axie announced: “Calling all whitehats in the blockchain space. The Sky Mavis Bug Bounty program is here. Help us keep the Ronin Network secure while earning a bounty up to $1,000,000 in bounty for fatal bugs.”
On March 23rd, a hacker was able to scoop $600 million from the Ronin bridge. It is the largest hack in the history of decentralized finance so far. The Ronin Network team confirmed that Sky Mavis’s Ronin validator nodes and Axie DAO validator nodes were compromised, as the attacker used “hacked private keys in order to forge fake withdrawals.”
The attack was uncovered after the attacker was unable to withdraw 5k ETH from the bridge. But it was too late, as they had already drained 173,600 Ethereum and 25.5M USDC from the Ronin bridge in two transactions.
The Ronin team stated that they are working with law enforcement officials, forensic cryptographers, and investors “to make sure all funds are recovered or reimbursed,” and added that “All of the AXS, RON, and SLP on Ronin are safe right now.”
“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack. It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this.”
In response, the Sky Mavis team raised $150 million in a round led by crypto exchange Binance, with participation from Animoca Brands, a16z, Dialectic, and Paradigm, with the goal of reimbursing affected users for all the funds stolen during the hack.
Since then, the team has been working with Chainalysis and Crowdstrike “to monitor the stolen funds” and “to handle forensics and the setup of surveillance tools.”
Bridges can be a vulnerable point for blockchain projects, and this hack served as a stark warning of that. Bridges connect blockchains to enable transactions between tokens built on different ecosystems. However, bridge code is complex and bridges do not yet have enough security standards, so hackers are watching them closely for any vulnerability.
Bridges can be so complex that it is not 100% clear if code auditing is enough to ensure the Ronin bridge’s safety. The Ronin team had stated that they are in the process of “implementing rigorous internal security measures to prevent future attacks.”
“The Ronin Network bridge will open once it has undergone a security upgrade and several audits, which can take several weeks.”
Now, they are calling in all white-hat hackers of the blockchain to search for vulnerabilities in exchange for a handsome reward. The team has given a list of products that should be stress-tested while prioritizing smart contracts and blockchain, websites, and apps. They noted that the only vulnerabilities that are considered eligible for monetary rewards are those with a working proof of concept that shows how they can be exploited.
Rewards for Smart Contracts and Blockchain vary from $1,000 to $1,000,000, and for Web and Apps, they vary from $50 to $15,000. All rewards will be paid in AXS tokens and only a specified portion of the received funds can be liquidated per month.
“It is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $1,000,000,” the announcement stated, adding that “Sky Mavis may award an additional reward bonus for exceptional reports.”
Over the past weeks, Axie Infinity’s token AXS has been tumbling, falling around 30% after the hack. However, traders are watching for a breakout above the key resistance level of $58, as the current zone has previously served for accumulation, which could mean a rebound for AXS. There also seems to be a risk of triggering a head-and-shoulders pattern, which could sink AXS further. The token is down 0.09% in the last 24 hours.