Earlier this year, a March hacking attack saw more than $615 million stolen from Ronin Network’s coffers. This news made headlines at the time, not just because of the sheer size of the theft, but also because Ronin Network (an Ethereum sidechain) hosts perhaps the most popular play-to-earn (P2E) game in the world, Axie Infinity.
Following the attack, transactions on Ronin’s bridge were put on pause, making the last two high-ticket transfers on the network the fraudulent withdrawals for 173,600 Ethereum and 25.5 million USDC last March. According to an FBI report, hacking cabals Lazarus Group and APT38 were responsible, appropriating the ill-gotten wealth to go fund the North Korean regime.
After the theft
So what happened to Axie Infinity’s player base? In the three months since the attack, users could retrieve whatever funds they had stored on the Ronin Network via a bridge provided by Binance. This bridge allowed them to withdraw their funds as wrapped ETH, which could then be easily traded for standard ETH. This saw roughly 46,000 wETH withdrawn from Ronin Network’s stores since the announcement of the initiative on April 2. Aside from that, nothing.
Thankfully, as of earlier today, Ronin Network has now been fully rebuilt.
Ronin Network and Axie Infinity developer Sky Mavis said in a statement that, as of today, users are now free to make transactions on the network once more. Furthermore, all users who experienced losses during the security breach have been fully reimbursed, as Sky Mavis was able to cover the remaining 71,600 ETH and 25.5M in liabilities lost in the attack. As mentioned in the announcement, “all [users] have been made whole.”
It’s a different story for the funds stolen from the Axie DAO’s treasury, though. The 56,000 ETH taken from them during the attack remains unaccounted for. Should these funds remain unrecovered for two more years, a vote will be called amongst Axie DAO on the treasury’s next steps.
To ensure an attack of this scale won’t happen again, Sky Mavis has ramped up security on the rebuilt Ronin Network considerably. For starters, a “circuit-breaker system” will automatically sniff out suspicious withdrawals from the network. Withdrawals north of $1 million in value will require 90 percent of validator signatures, while withdrawals larger than $10 million in value will require that, along with a seven-day review process done by an actual human. Daily withdrawal limits per user have also been capped at $50 million. Additionally, Sky Mavis has completed an extensive internal audit conducted by a third party to look for more ways to improve the security of their system.