Sky Mavis, the developer behind play-to-earn game Axie Infinity, has launched a bug bounty program after hackers drained $622 million in crypto from the company’s Ethereum sidechain, Ronin, last month. 

The developer is offering bounties of up to $1 million to “encourage responsible disclosure of security vulnerabilities.”

“Calling all white hats in the blockchain space” tweeted the company’s Chief Operating Officer, Aleksander Leonard Larsen. “Help us keep @Ronin_Network secure while earning a bounty.” Larsen linked to a page with details of ​​the Sky Mavis Bug Bounty Program.

Sky Mavis promises to pay white hats—aka cybersecurity vigilantes—their bounties in Axie Infinity's native token AXS, with a “six month vesting period with monthly unlocks for fatal bounties.” The top bounty of $1,000,000 goes to those who can identify “extraordinarily severe issues or those with extreme impact.”

Sky Mavis is also offering a bounty of $100,000 for identifying “critical” smart contract and blockchain vulnerabilities, alongside bounties of $50,000, $5,000 and $1,000 for risks it deems “high,” “medium,” and “low.” 

The $622 million Ronin hack

In late March, an exploit was used to drain an estimated $622 million in Ethereum and the USDC stablecoin from the Ronin bridge. The attacker reportedly used “hacked private keys” to sign transactions from five of the nine validator nodes on the Ronin network, including four of Sky Mavis’ own validators.

Around $7 million of the hacked funds was subsequently sent to the cryptocurrency mixing service Tornado Cash. 

This month, Binance led a $150 million funding round to help reimburse victims of the Ronin Bridge hack. The Sky Mavis team also said that some of the funds will go towards expanding the number of validators from five to twenty-one over the next three months.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.