Axie Infinity Developer Launches $1M Bug Bounty After $622M Ronin Hack

Sky Mavis, the developer behind play-to-earn game Axie Infinity, has launched a bug bounty program after hackers drained $622 million in crypto from the company’s Ethereum sidechain, Ronin, last month. 

The developer is offering bounties of up to $1 million to “encourage responsible disclosure of security vulnerabilities.”

“Calling all white hats in the blockchain space” tweeted the company’s Chief Operating Officer, Aleksander Leonard Larsen. “Help us keep @Ronin_Network secure while earning a bounty.” Larsen linked to a page with details of ​​the Sky Mavis Bug Bounty Program.

Sky Mavis promises to pay white hats—aka cybersecurity vigilantes—their bounties in Axie Infinity's native token AXS, with a “six month vesting period with monthly unlocks for fatal bounties.” The top bounty of $1,000,000 goes to those who can identify “extraordinarily severe issues or those with extreme impact.”

Sky Mavis is also offering a bounty of $100,000 for identifying “critical” smart contract and blockchain vulnerabilities, alongside bounties of $50,000, $5,000 and $1,000 for risks it deems “high,” “medium,” and “low.” 

The $622 million Ronin hack

In late March, an exploit was used to drain an estimated $622 million in Ethereum and the USDC stablecoin from the Ronin bridge. The attacker reportedly used “hacked private keys” to sign transactions from five of the nine validator nodes on the Ronin network, including four of Sky Mavis’ own validators.

 NFT Revolution

Hacker Drains $622M From Axie Infinity’s Ronin Ethereum Sidechain

Ronin, an Ethereum sidechain developed for the hit NFT game Axie Infinity, has been targeted in a hack that saw an estimated $625 million worth of cryptocurrency drained from its bridge. Developer Sky Mavis announced the news today, writing that the exploit took place on March 23 but only discovered earlier today. The attacker used “hacked private keys” to execute the exploit, per the team’s report, and thus was able to forge transactions to claim the funds. All told, the attacker took 173,600 W...

Around $7 million of the hacked funds was subsequently sent to the cryptocurrency mixing service Tornado Cash. 

This month, Binance led a $150 million funding round to help reimburse victims of the Ronin Bridge hack. The Sky Mavis team also said that some of the funds will go towards expanding the number of validators from five to twenty-one over the next three months.