Sky Mavis Aims To Become Zero-Trust Organization, Post $600M Hack

Axie Infinity developer Sky Mavis, is looking to become a “zero-trust organization” in the aftermath of last month’s over $600 million exploit on the Ronin network.

This points to a new security roadmap in which the team will constantly scan for new threats targeting the Sky Mavis, the team wrote in a new post.

Sky Mavis team detailed:

“Our goal is to become a fully antifragile, zero-trust organization. Zero-trust is a framework that assumes that Sky Mavis is always at risk to external and internal threats.”

The post mentioned the March 23 attack in which hackers stole more than 173,600 ETH and 25.5 million USDC from its Ethereum-connected bridge. The total loss was worth over $600 million and made it one of the biggest crypto hacks to date. The hackers were later identified as Lazarus Group, hackers from North-Korea.

Ronin To Increase Validator Nodes

The Ronin team is determined to redesign its cross-chain bridge and increase the number of validators, which play part in verifying transactions. At the time of the hack, Sky Mavis had nine validator nodes.

The hackers took control over four of the nine validators. Initially, they gained access to four validator keys controlled by Sky Mavis. Another validator belonging to Axie DAO was breached through a “gas-free signature”. Then the attackers had a majority control (5/9 validators) and were able to make illegitimate fund transfers from Ronin’s bridge on Ethereum.

As mentioned in the latest post, Sky Mavis is planning to expand the total validator nodes to 21 in the next three months, with the goal of having over 100 nodes in the long term to improve the sidechain security.

Sky Mavis has conducted internal surveillance checks in collaboration with two cybersecurity firms, CrowdStrike and Polaris Infosec. It also introduced a bug bounty program of over $1 million for white hat hackers to find vulnerabilities in its code.