Ronin Network to Increase Validator Nodes to 21, Introduce $1M Bug Bounty and Audits to Prevent the Next DeFi Hack

Ethereum

Summary:

  • The Ronin Network team has published a postmortem report on the exploit that happened on March 23rd
  • The report explains that a Sky Mavis employees are under constant advanced spear-phishing attacks on various social networks
  • One employee was compromised, leading to access to 4 of Sky Mavis’ validator nodes
  • Moving forward, Sky Mavis plans to work with top tier security networks, increasing validator nodes to 21 and eventually 100, implement stricter internal procedures, conduct regular audits, create a zero-trust organization, launch a $1M bug bounty program and attain security certifications

The Ronin Network team has shared a postmortem report in which they provide an in-depth analysis of the March 23rd exploit by the North Korean Lazarus group that resulted in the loss of $615 million in Ethereum and USDC.

Sky Mavis Employees are Under Constant Phishing Attacks

In the postmortem report, the Ronin Network team explained that Sky Mavis employees are under constant advanced spear-phishing attacks through various social channels. Consequently, one employee was compromised, and the attackers managed to access Sky Mavis IT infrastructure to control its 4 of the 9 validator nodes a the time. The employee no longer works for Sky Mavis.

Security Measures by the Ronin Network Moving Forward

Concerning a security roadmap to prevent the next DeFi hack, the Ronin Network announced the following measures to be implemented over time.

  • Continually working with top tear security experts to avoid lingering threats: Sky Mavis has engaged CrowdStrike and Polaris Infosec to handle internal surveillance and forensics
  • Increasing the number of Validator nodes: Sky Mavis has increased the number of validator nodes to 11 from the initial 9. They also plan to onboard 3 more with a target of 21 in three months. The Ronin Network team has a long-term goal of over 100 validator nodes
  • Implement stricter internal procedures: the Ronin Network team is inspecting their internal procedures in terms of security training for all employees
  • Conduct audits: All code will be thoroughly reviewed and optimized with security experts looking at the entire architecture
  • Creating a Zero-trust Organization: the goal of the Ronin Network team is to ‘become a fully antifragile, zero-trust organization. Zero-trust is a framework that assumes that Sky Mavis is always at risk to external and internal threats.’
  • Launching a bug bounty program: Sky Mavis is offering bounties of up to $1 million for security vulnerabilities
  • ISO27001 and other security certifications: with time Sky Mavis will undergo various certification processes

Products You May Like

Leave a Reply

Your email address will not be published. Required fields are marked *