Sky Mavis is looking at reimbursing its players and is working on a solution following a major security break-in in Axie Infinity’s Ronin Network. It is working with law enforcement officials, investors, and forensic cryptographers to ensure that all funds are recovered or reimbursed.
The breach was detected about 24-hours ago. The validators were compromised on March 23. The hacker made off with 173,600 Ethereum and 25.5 million USDC stablecoins, collectively worth around $615 million. The company says that the hack started in November 2021 when Axie Infinity’s user base increased to an unsustainable size. This led to an immense user load. As such, the network loosened its security procedures to accommodate increased demand. The company forgot to re-tighten its security, which the hackers took advantage of. The latest hack has surpassed the Poly Network attack of August 2021.
Aleksander Larson, the co-founder of Axie Infinity, in an update to the community, highlighted that a deep forensic review was being carried out to ensure safety on the network. He revealed that the latest security breach was a social engineering attack combined with human error from December 2021. However, the attack was unnoticed till a user reported a failure to withdraw 5,000 ETH from the Ronin bridge. The company revealed that the attack managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.
Larsen pointed out that the company is boosting its security. It will make its tech solid and the Ronin Network will add new validators. Moreover, Ronin Network is in the process of migrating nodes. Doing so will separate it from the old infrastructure.
Frances Coppola, an economist, and author says it’s pretty much typical of crypto companies to keep security in the backseat. He highlighted that companies are so crazed with making loads of money or accommodating high demand that they put up badly designed and tested code, and compromise security.