Latest News

Following a $600 million hack, the battle-tested Ronin bridge to Axie reopens

After Sky Mavis implemented a circuit breaker system and daily withdrawal limits, the Axie Infinity-connected Ronin bridge has been reconstructed.

The producers of the popular play-to-earn (P2E) nonfungible token (NFT) game Axie Infinity, Sky Mavis, have revealed that the Ronin bridge is back online three months after being hacked for almost $600 million.

The Ronin bridge is an Ethereum sidechain developed for Axie Infinity that permits users to transfer assets between the sidechain and the Ethereum mainnet.

The bridge was drained of 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) on March 29 after hackers gained access to private validator keys. At the time, the hack was valued almost $620 million.

The Sky Mavis team announced on Tuesday that the Ronin bridge is back up following three audits (two internal and one external), a redesign, and complete recompense for stolen assets:

“As promised, all wETH and USDC held by Ronin Network users are now backed 1:1 by ETH and USDC on Ethereum. All users have been compensated in full.”

By providing the ETH liquidity to back consumers’ Wrapped ETH (wETH) on the Ronin network, Sky Mavis has now refunded a total of 117,600 ETH and 25.5 million USDC.

In April, around 46,000 of these ETH had been reimbursed after Binance built a bridge to their exchange so customers could trade wETH for ETH. The action was supported by the Axie Infinity balance and monies from the company’s founders. Additionally, Binance spearheaded a $150 million fundraising round to assist Sky Mavis in reimbursing Axie Infinity subscribers.

The remaining 56,000 ETH belonging to the Axie DAO Treasury would remain uncollateralized as Sky Mavis “works with law enforcement to reclaim the funds.”

As part of the redesign of the bridge, Sky Mavis has modified the smart contract software to let validators to establish daily withdrawal limitations, with the initial maximum set at $50 million. The team also implemented a circuit breaker system that categorises withdrawal amounts into three levels.

Tier 1 is for withdrawals of less than $1 million and requires the signatures of 70 percent of validators, whereas tier 2 is for withdrawals of more than $1 million and requires the signatures of 90 percent of validators. Tier 3 is for withdrawals above $10 million and requires 90 percent validator approval, a minor transaction charge, and a seven-day review period:

“The new bridge design incorporates a circuit-breaker mechanism as a contingency plan, which strengthens the bridge’s security by preventing suspicious draws of huge amounts of electricity.”

Late in April, Sky Mavis acknowledged in a postmortem report that the Ronin bridge’s lack of decentralization made it susceptible to the breach. At the time, there were only nine validator nodes, and only four were accessible to employees.

After swiftly increasing the number of nodes to 11, Sky Mavis stated plans to increase it to 21 within three months of the postmortem, with the long-term objective of exceeding 100 nodes.

The company did not provide an update on the number of validator nodes in the Ronin network in its most recent announcement.

Axie Infinity’s monthly NFT sales volume plummeted substantially in 2022, with data from CryptoSlam indicating a drop from $126.4 million in January to just $2.8 million in June.

Crypto products and NFTs are unregulated and can be highly risky. There may be no regulatory recourse for any loss from such transactions. Crypto is not a legal tender and is subject to market risks. Readers are advised to seek expert advice and read offer document(s) along with related important literature on the subject carefully before making any kind of investment whatsoever. Crypto market predictions are speculative and any investment made shall be at the sole cost and risk of the readers.