- The Ronin Network team has published a postmortem report on the exploit that happened on March 23rd
- The report explains that a Sky Mavis employees are under constant advanced spear-phishing attacks on various social networks
- One employee was compromised, leading to access to 4 of Sky Mavis’ validator nodes
- Moving forward, Sky Mavis plans to work with top tier security networks, increasing validator nodes to 21 and eventually 100, implement stricter internal procedures, conduct regular audits, create a zero-trust organization, launch a $1M bug bounty program and attain security certifications
The Ronin Network team has shared a postmortem report in which they provide an in-depth analysis of the March 23rd exploit by the North Korean Lazarus group that resulted in the loss of $615 million in Ethereum and USDC.
We have put together a postmortem regarding the Ronin exploit that occurred on March 23rd.
• Why it happened
• What we’re doing to make sure this never happens again
• Ronin bridge re-opening updatehttps://t.co/FfwCtCG84E
— Ronin (@Ronin_Network) April 27, 2022
Sky Mavis Employees are Under Constant Phishing Attacks
In the postmortem report, the Ronin Network team explained that Sky Mavis employees are under constant advanced spear-phishing attacks through various social channels. Consequently, one employee was compromised, and the attackers managed to access Sky Mavis IT infrastructure to control its 4 of the 9 validator nodes a the time. The employee no longer works for Sky Mavis.
Security Measures by the Ronin Network Moving Forward
Concerning a security roadmap to prevent the next DeFi hack, the Ronin Network announced the following measures to be implemented over time.
- Continually working with top tear security experts to avoid lingering threats: Sky Mavis has engaged CrowdStrike and Polaris Infosec to handle internal surveillance and forensics
- Increasing the number of Validator nodes: Sky Mavis has increased the number of validator nodes to 11 from the initial 9. They also plan to onboard 3 more with a target of 21 in three months. The Ronin Network team has a long-term goal of over 100 validator nodes
- Implement stricter internal procedures: the Ronin Network team is inspecting their internal procedures in terms of security training for all employees
- Conduct audits: All code will be thoroughly reviewed and optimized with security experts looking at the entire architecture
- Creating a Zero-trust Organization: the goal of the Ronin Network team is to ‘become a fully antifragile, zero-trust organization. Zero-trust is a framework that assumes that Sky Mavis is always at risk to external and internal threats.’
- Launching a bug bounty program: Sky Mavis is offering bounties of up to $1 million for security vulnerabilities
- ISO27001 and other security certifications: with time Sky Mavis will undergo various certification processes