Ronin Bridge, the link that enables users to transfer funds to and from accounts in the “play to earn” Axie Infinity game, has reopened following a $625 million theft that took place in March. Sky Mavis, the developer group behind Axie Infinity and the Ronin blockchain that powers the game, announced that players can now use the bridge to make deposits and withdrawals.
Since March, the Ronin Bridge has been closed off as Sky Mavis worked to bolster its security protocols and recover users’ funds. The attack went unnoticed for six days until a user tried to withdraw funds and couldn’t. In a postmortem, Sky Mavis blamed a spear-phishing attack that compromised an employee’s account (it says that person no longer works with the company), as well as its lack of a tracking system to monitor large outflows.
After conducting an investigation, the US Treasury Department attributed the hack to the North Korean hacking group Lazarus and issued sanctions on the wallet address containing the stolen cryptocurrency. Sky Mavis initially planned to have the bridge up and running by the end of April but later delayed its reopening, saying that “this is not a process we can afford to rush” because the bridge “will secure billions of dollars in assets.”
The Ronin Bridge is open!
• All user funds are fully backed 1:1 by the new bridge.
• The bridge has undergone an internal audit and two external audits.
• We are still on track to release Land Staking this week.
— Axie Infinity (@AxieInfinity) June 28, 2022
Sky Mavis appears to have followed through on its promise to compensate players affected by the theft. Although it notes that users’ funds are “fully backed 1:1 by the new bridge,” Sky Mavis still hasn’t made up for a large portion of the Ronin network’s stolen funds. After pooling money from the founding members of the Sky Mavis team and receiving $150 million in funding from a number of companies, including Binance, the firm says Ronin’s currently down 71,600 ETH (~$85.8 million) and 25.5 million USDC ($25.5 million). Sky Mavis says it’s reimbursing these liabilities in full.
But this still doesn’t account for the 56,000 wETH (~$67.2 million) drained from the Axie DAO (decentralized autonomous organization) Treasury, the group of people who vote on decisions for the Axie community. Sky Mavis says it’s working with law enforcement to retrieve these funds. If it doesn’t recover them within two years, the DAO will cast a vote on the “next steps.”
In a message on Discord, developers told players they’re also on track to add Land Staking this week, which is another scheme to help generate rewards for players who’ve invested money in the game. The Verge senior entertainment editor Andrew Webster tried playing the game and said, “The creatures are all extremely similar, and experimentation is nonexistent unless you want to fork out a bunch of cryptocurrency.”
It’s unclear what these changes will do to improve the actual gaming experience, even if the back end is now more secure. Shortly after the attack, Sky Mavis launched Axie Infinity: Origin, a newer version that includes free-to-play elements to try and attract new players who don’t have blockchain wallets yet.
To help prevent future thefts, the Ronin Bridge has undergone one internal audit and two external audits by blockchain security firms Verichains and Certik. The bridge also has a new “circuit-breaker system” designed to stop suspicious users from making unusually large withdrawals. You can read more about Ronin’s update in its blog post, as well as read up on its technical documentation.