Last week, the Web3 space was rocked by yet another major hack: Thieves took around $624 million from a blockchain "bridge" that underpins Axie Infinity, a flagship in the emerging play-to-earn gaming space.
The Ronin Network is a blockchain launched by Axie Infinity developers Sky Mavis to make playing the game cheaper since Ethereum charges users "gas" fees. Ronin operates a bridge that allows players to transfer their ETH to tokens on Ronin. The hack mainly affected Ethereum funds that were put in a digital vault by users to back so-called "wrapped" tokens that were minted on the Ronin Network. The hack meant that the wrapped funds were no longer backed, and users were out of ETH, making bailing out the bridge a top priority for the Vietnam-based firm.
Now, a group of firms representing a cross-section of the Web3 ecosystem have handed Sky Mavis a $150 million funding round to reimburse users, along with existing funds held by the firm. The group includes major crypto exchange Binance, blockchain gaming firm Animoca Brands, and investment firms Andreesen Horowitz, Accel, Paradigm, and Dialectic.
"The new round, combined with Sky Mavis and Axie balance sheet funds, will ensure that all users are reimbursed," Sky Mavis stated in a blog post. "The Ronin Network bridge will open once it has undergone a security upgrade and several audits, which can take several weeks. In the meantime, Binance is supporting the Ronin Network by providing ETH withdrawals and deposits for Axie Infinity users, allowing most of them to operate freely."
Sky Mavis also admitted that the hack came down to the company moving too fast. Unlike Bitcoin or Ethereum, which operate using Proof-of-Work mining, the Ronin Network relied on a set of nine trusted validators. The hackers compromised the private keys of five of those nine validators, allowing them to move the funds from the bridge.
"While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack," the blog states. "It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this."
According to the blog post, Sky Mavis is upping its validator set from nine to 21, in theory making it that much harder for hackers to compromise the necessary majority. The firm also noted that 56,000 ETH compromised from the Axie DAO treasury will remain "undercollateralized" as it works with law enforcement to recover the funds, saying that the DAO will vote on "next steps" if they're not found in two years.
Blockchain bridges are quickly becoming core parts of Web3, which is spiralling out into an uncountable number of projects and various blockchains, with investors seeking ways to jump between them. However, bridges have also proved to be irresistible targets for hackers, with investment capital making up the losses. In February, hackers stole millions from the Wormhole blockchain bridge on Solana, with VC firm and Wormhole backer Jump Capital stepping in to bail it out.
As we wrote at the time, corporate bailouts are coming to crypto, and it doesn't look like they're stopping any time soon.