A few weeks ago, Axie Infinity’s sidechain Ronin was hacked for over $600M. The hacker walked away with 173,600 Ethereum and 25.5M USDC, and no one noticed for a week. The hack originated due to poor security practices, as opposed to the typical compromised contract hacks that we’re used to. Mechanically, the Ronin sidechain requires 5 of their 9 nodes to reach a consensus to validate the transaction that the hacker performed. The hacker was able to get keys for 5 of the 9 nodes due to poor security practices (unencrypted keys stored on the cloud, while they should be encrypted and kept offline).
Now the makers of Axie Infinity and their Ronin sidechain, Sky Mavis, have raised $150M to help make all of their users whole from the recent hack. The funding round was led by Binance, and included Animoca Brands, a16z, Dialectic, Paradigm, and Accel. According to the Sky Mavis team, they will be making users whole using this $150M and the Axie balance sheet funds, fully reimbursing lost funds.
The Ronin Network bridge has been shut down since the hack was discovered, and there is no timeline for when it will be brought back online, but the team has said “the Ronin Network bridge will open once it has undergone a security upgrade and several audits, which can take several weeks.” For now, Binance is giving support by allowing ETH withdrawals/deposits for Axie users.
Sky Mavis is expanding their amount of validator nodes up to 21, and presumably changing their key management practices, though best practice would include us not knowing what changes there.
Sky Mavis is continuing forward with their planned release of Axie Infinity: Origins, which is their third version of gameplay upgrades and includes free starters, new features, and upgraded art and animations. Axie Infinity remains the largest player in the NFT gaming space, with 4x the market cap of the next largest player, NBA Top Shot.