After $625mn hack in March, web3 game Axie Infinity’s Ronin Bridge returns
After facing one of the biggest crypto hacks of the year, developer Sky Mavis has reopened access for the Ronin Bridge on its play to earn game, Axie Infinity. Based on the Ronin blockchain, a sidechain of Ethereum, Ronin Bridge comes live almost exactly three months after reporting a theft of $625 million in crypto tokens – stolen from users’ crypto wallets linked to the platform.
On Tuesday, Sky Mavis announced the reopening of the Ronin Bridge by stating that all user funds are now “fully backed 1:1 by the new bridge”. This suggests that the blockchain network has essentially reimbursed all crypto tokens that users lost as a result of the hack. After facing the hack in March this year and setting up an investigation process, Sky Mavis had promised to refund all lost funds to any user affected by it.
The developer now claims that its Bridge and the Ronin sidechain are both safer than before, since they have undergone one internal and two external audits.
In April this year, Axie Infinity raised $150 million and pooled money from its founders to make up for what it lost. As of now, reports suggest that it is still short of about $110 million pooled together in Ether and the USD Stablecoin.
The hack reportedly took place after an Axie Infinity employee fell prey to a spear phishing attack, compromising a privileged account and gaining access to the sidechain’s validator nodes. This, in turn, allowed the attackers to exploit a vulnerability in the system to be able to siphon funds off users’ wallets through Ronin Bridge.
The latter is a two-way link that users can use to transfer tokens from various compatible external web3 wallets. Leveraging the flaw, the attackers gained access to private crypto wallet keys – thereby leading to the theft.
Since then, Axie Infinity has increased the number of validator nodes on Ronin to add a primary layer of protection for it. An investigation by the United States Department of Justice said that North Korea hacking collective, Lazarus, was behind the breach.