Sky Mavis, the developer of the play-to-earn game Axie Infinity, has stated its intention to become a “zero-trust organisation” in the aftermath of last month’s $600 million hack on the Ronin network.
This is a security stance adopted in an effort to always scan for potential threats directed at Sky Mavis, the team stated in a post-mortem report released Wednesday.
“Our goal is to become a fully antifragile, zero-trust organisation. Zero-trust is a framework that assumes that Sky Mavis is always at risk to external and internal threats,” the report said.
The report referred to the March 23 attack, in which hackers stole over 173,600 ether and 25.5 million USDC from the firm’s Ethereum-connected bridge. The total loss of more than $600 million makes it become one of the largest crypto breaches to date.
These hackers were eventually identified as the Lazarus Group, a North Korean hacking group.
Sky Mavis Intends To Become A “Zero-Trust Organisation.” Image: CoinCulture
Ronin will have a total of 100 validator nodes
The Ronin team is currently concentrating its efforts on redesigning its cross-chain bridge and raising the number of validators – entities participating in transaction verification. At the time of the security attack, the sidechain had nine validator nodes.
The attackers gained control of four out of the nine validators. They stole four validator keys from Sky Mavis. Another validator – this one belonging to Axie DAO — was hacked through a “gas-free signature.” Following this, the hackers gained 5 out of 9 validators and obtained the authority to conduct unauthorised money transfers from Ronin’s Ethereum bridge.
As disclosed in Wednesday’s notice, Sky Mavis intends to raise the total number of validator nodes to 21 in the next three months and eventually to more than 100 in order to boost sidechain security.
Sky Mavis recently said that it had carried out internal surveillance checks together with two cybersecurity companies — Polaris Infosec and CrowdStrike. It also promised a $1 million bug reward for ethical hackers who discover weaknesses in its code.
Sky Mavis raised $150 million from investors, including cryptocurrency exchange Binance and venture capital companies a16z and Paradigm, to fund its efforts to compensate impacted users.