As promised, this is my follow-up article to my piece about the Ronin network hack as part of my Get Your Keys, Get Your Coin (GYKGYC) blog. This one focuses on the aftermath of the hack: post-hack updates, post-hack movement of the funds, and the impact on Axie Infinity and its tokens.
Post-Hack Updates
At the time of this writing, the last update on Sky Mavis' community warning is April 6, 2022. The Ronin bridge is still closed, and reopening may take several weeks pending the results of security audits and bridge updates.
It looks like the Sky Mavis team received some good advice from their pool of internal and external experts. Their latest newsletter, posted here, has a two-step plan.
1. They will have at least 21 independent validator nodes starting with an initial five (5) validator nodes composed of Nansen, Delphi Digital, Stable Node, Animoca Brands, and Dialectic, to be completed within the week.
The keyword here is "independent". Note that the four (4) compromised validator nodes were solely managed by Sky Mavis, whose network was compromised via social engineering. It was a coincidence that a third-party validator node (Axie DAO) was in the allowlist (and got compromised as well), completing the required five (5) validator nodes.
Adding more third-party validator nodes to the mix will make it more difficult for hackers to compromise the Ronin Bridge/network. Of course, Sky Mavis is expected to review the security posture of each validator node as part of its due diligence when onboarding it to the Ronin network.
2. They will improve the security by enabling more governance functions and establishing withdrawal limits.
This is great news to hear. "Governance" functions here relate to logging and monitoring functions and other relevant controls. Enabling these controls will improve the security posture of the Sky Mavis network. The withdrawal limits will also keep anyone from withdrawing an unbelievable amount of digital assets and may prevent further losses in the future.
As per a separate post here, "Sky Mavis is in the process of implementing rigorous internal security measures to prevent future attacks", so I guess that sums it up. Hopefully they can deliver.
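To make the "independent" point under step 1 concrete, here is an added example (my illustration, not Sky Mavis code) that counts how many separate organisations must be breached before an attacker holds the required five signatures. It assumes a nine-validator set, uses placeholder names for the four unnamed third-party operators, and models the allowlist entry as letting Sky Mavis sign for the Axie DAO validator.

```python
from itertools import combinations

THRESHOLD = 5  # signatures required, per the article


def validator(name, operator, allowlisted=None):
    """One validator key, who runs it, and who else may sign on its behalf."""
    return {"name": name, "operator": operator, "allowlisted": allowlisted}


# Constructed model of the pre-hack set (nine validators is an assumption;
# the "third-party-N" operators are placeholders, not real names).
PRE_HACK = (
    [validator(f"sm-{i}", "Sky Mavis") for i in range(1, 5)]
    + [validator("axie-dao", "Axie DAO", allowlisted="Sky Mavis")]
    + [validator(f"tp-{i}", f"third-party-{i}") for i in range(1, 5)]
)
# Same set with the allowlist entry revoked.
REVOKED = [dict(v, allowlisted=None) for v in PRE_HACK]
# Constructed comparison: nine validators run by nine unrelated operators.
INDEPENDENT = [validator(f"v-{i}", f"org-{i}") for i in range(1, 10)]


def controlled_by(validators, orgs):
    """Names of validators whose signature a set of breached orgs can produce."""
    return {v["name"] for v in validators
            if v["operator"] in orgs or v["allowlisted"] in orgs}


def min_orgs_to_quorum(validators, threshold):
    """Smallest group of organisations whose breach yields `threshold` signatures.

    Exhaustive search, which is fine for validator sets of this size.
    Returns a tuple of organisation names, or None if quorum is unreachable.
    """
    orgs = sorted({v["operator"] for v in validators}
                  | {v["allowlisted"] for v in validators if v["allowlisted"]})
    for k in range(1, len(orgs) + 1):
        for combo in combinations(orgs, k):
            if len(controlled_by(validators, set(combo))) >= threshold:
                return combo
    return None


if __name__ == "__main__":
    for label, vset in [("pre-hack", PRE_HACK), ("allowlist revoked", REVOKED),
                        ("independent", INDEPENDENT)]:
        print(f"{label}: breach {min_orgs_to_quorum(vset, THRESHOLD)}")
```

The number to watch when onboarding validators is this breach count, not the raw validator count: nine keys gave no extra protection while one organisation could produce five of the signatures.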
Post-Hack Movement of Funds
After every hack, the next step for the hacker/s is moving the funds from digital assets to fiat while ensuring the stolen funds stay hidden. These hacker/s are ordinary individuals like you and me; they may even be Axie Infinity players themselves, as you can see from the BlogToon NFT #05 below. Check out how to get this 1:1 NFT at the end of the article.
Per Sky Mavis, it tapped Chainalysis to monitor the stolen funds. However, the Chainalysis report is not available to the public. What is available to the public is Etherscan. But we will not delve into the specific addresses where the hacker transferred ETH; that is too complicated for us crypto laymen. You can search for security firms with tools if you want to see those beautiful connect-the-dots diagrams. For this article, let me simplify that for you and enumerate what the movement has been so far.

1. The USDC was swapped to ETH. I think the hacker/s just wanted to make it simple and focus on ETH. The hacker/s also have multiple addresses on standby to act as middlemen.
2. Some of the stolen ETH flowed into Huobi (3,750 ETH), FTX (1,220 ETH), and Crypto.com (1 ETH). These are Centralized EXchanges (CEX). In a CEX, before you can change your digital assets to fiat, you need to complete a Know Your Customer (KYC) check, where you are required to submit government IDs for identity verification. My bet is that the hacker/s bought or hacked existing KYC-ed accounts and used these. These CEXs have all indicated their intention to help Sky Mavis. We do not know if there were any updates on this, but for sure, if there are, the information has been passed on to law enforcement.

3. As of April 4, the hacker/s started to move some of the ETH to Tornado Cash. So far, 3,500 ETH were moved to Tornado Cash at the time of this writing.
4. The ETH remaining in the hacker/s' address was 170,637 ETH on April 6, compared to 175,913 ETH on March 30.

Tornado Cash is a privacy-focused middleware based on zero-knowledge proofs, of the kind commonly known as "mixers". A zero-knowledge proof is a way of authenticating the source without exposing it. In short, the source is hidden and cannot be traced. Tornado Cash also works in such a way that it accepts a deposit from the source address but withdraws it to a different address.
My bet will be that the hacker/s will forward the funds to another mixer like FixedFloat, etc. But, let us wait for the security firms to confirm that, shall we?
Even then, it will be hard to cash out the funds, since all eyes are on the movement of these funds. It should be noted that if at any point the hacker/s slip up and touch a CEX, and the CEX is able to figure it out, the hacker/s will definitely be caught. This reminds me of the recent bust of a couple involved in the 2016 BitFinex hack here, who just recently tried to launder the funds after five years and were immediately arrested.
Impact to Axie Infinity
Immediately after the hack, news articles such as this one reported dips for AXS, SLP and RON, with RON taking a 22.1% dip.

As of this article, SLP and RON values appear to have improved slightly, while AXS value dipped. As of April 8, AXS value is $54.07.

If users panic and sell their tokens to exit Axie Infinity, there may be an impact on the value of these tokens once the Ronin Bridge is reopened. But if users remain and support the game, and the funds are restored, Axie Infinity should be able to re-establish itself, much like Wormhole.
We checked DappRadar and there is not much fluctuation in the number of users or transactions.

A check in Poocoin does show the dip of AXS, which appears to have started when news of the ETH movement to Tornado Cash was reported (starting April 4).

Sky Mavis promised to reimburse their users regardless of whether the funds are recovered. They have several options to achieve this:
1. They catch the hacker/s and recover the money. At this point, this scenario has a small chance of happening.
2. The Sky Mavis developer team pools its own money or digital assets to reimburse the users' money.
3. Some other firm bails out Sky Mavis and replenishes the users' funds. This is similar to what Jump Crypto, a crypto venture capital firm, did for Certus One, the developer of the Wormhole token bridge. The Wormhole token bridge suffered a hack of about 120,000 ETH (worth $321 Million) in February 2022.
4. Sky Mavis can start a fundraiser, which is exactly what they did. Per the latest post here, they were able to raise $150 Million led by Binance. Although this is still below what was stolen, Sky Mavis advised there would be succeeding rounds.
Conclusion
That concludes our feature regarding the Ronin network hack. It is too early to tell what the impact of the hack on the game will be in the long run. But this hack has definitely shaken the Sky Mavis team, the Axie Infinity community and the blockchain gaming space in general to its core.
Overall, I think Sky Mavis is dedicated to coming back from this security attack. They are serious about addressing the security lapses and retaining their status as the top blockchain game.
Please stay tuned for future articles. I plan to have a look at Discord scams, e.g., the recent BAYC scam, or maybe other crypto stuff I can think of.
BlogToon NFT Project
Buy a BlogToon NFT, get a piece of history. BlogToon #05 is now available in OpenSea here. For this drop and future drops, follow BlogToon Instagram and Twitter pages.
Hope I was able to provide some useful insights. If you reached the end of this article, thank you. Please show your support with a like, comment or a tip. It would be greatly appreciated. Please follow Marcusblue Instagram and Twitter pages. Thank you for your support and appreciation.