Summary
- $600m Ronin bridge hack traced back to North Korea, FBI warns
- Sky Mavis raises $150m to aid in reimbursing affected players
- Bug Bounty Program launched that will reward up to $1m for reported security flaws
In March this year, we saw one of the biggest hacks in history, not just in crypto. Sky Mavis developed their Ethereum sidechain, Ronin, for their hit blockchain game, Axie Infinity, to overcome high gas fees and slow transaction speeds. However, as Vitalik Buterin prophesied, bridges can be a security flaw. He was proven right within a few months.
On 29th March 2022, a security breach of the Ronin bridge saw a hacker or group of hackers make off with 173,600 Ethereum and 25.5 million USDC, equating to roughly $600m. For a brief explanation of how the hacker exploited the bridge, you can check this article. This month, the FBI, CISA, and the US Treasury announced that the hack likely originated in North Korea as part of a state-sponsored attack on blockchain.
The Ronin network, bridge, and the Katana DEX (the exchange for Axie Infinity) were all taken offline as soon as the hack was noticed (the breach went undetected for 6 days), and the bridge is still down, though Ronin hopes to have it up and running again by the middle of May.
White Hat, Green Pockets
Although the funds may be returned to those affected and a financial hit taken by Sky Mavis, these high-profile hacks do more damage to the responsible company’s reputation than can sometimes be repaired. Sky Mavis has drafted in security experts and overhauled internal procedures, as well as lots of other words people want to hear that could mean almost anything.
One actionable and relatively clear initiative Sky Mavis has laid down is their Bug Bounty Program, a common practice among large tech companies to encourage white hat hackers to share exploits and security flaws rather than abuse them. There is a rather rich history of white hat or “ethical” hacking in crypto, with Ethereum benefitting from it at the point of the hard fork.
Sky Mavis is eager to work with the community to make sure that every researcher’s finding is rewarded fairly – based on the vulnerability’s impact on business and overall severity. To this end, it is possible that extraordinarily severe issues or those with extreme impact may be rewarded up to $1,000,000.
Sky Mavis
As you can see in the quote above, if you were to find a flaw of the magnitude we saw in March, you’d net yourself a cool $1m reward and would never have to look over your shoulder.
The hack may have unsettled the crypto world, but it hasn’t put off investors, with a $150m funding round achieved just days after the theft was announced. This funding round saw investment from the likes of blockchain gaming sugar daddy, Animoca Brands, and the money was earmarked for reimbursing affected players in the bridge attack.
I am far from a security expert and although to my layman’s eyes the hack looked avoidable, Sky Mavis has certainly reacted in the right way and it’s hard to criticize that response. And, frankly, any company that can get hacked for over half a billion dollars and raise $150m in a funding round days later, is so resilient I can’t imagine what, at this point, could take them down.