Reports said that Sky Mavis, developers of the popular play-to-earn (P2E) nonfungible token (NFT) game Axie Infinity have announced that the Ronin bridge is back online three months after it was hacked for more than $600 million.
It has been reported that the Ronin bridge is an Ethereum sidechain built for Axie Infinity, and it enables users to transfer assets between the sidechain and the Ethereum mainnet. On March 29, 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) were drained from the bridge after hackers managed to gain access to private validator keys. The hack was worth more than $620 million at the time.
However, according to the Tuesday announcement from the Sky Mavis team, the Ronin bridge is back online after three audits (one internal, two external), a new design, and full compensation of users’ stolen assets:
“All wETH and USDC owned by Ronin Network users is now fully backed 1:1 by ETH and USDC on Ethereum, as promised. All users’ have been made whole.”
The report said that in total, Sky Mavis has now reimbursed 117,600 ETH and 25.5 million USDC by providing the ETH liquidity to back users’ Wrapped ETH (wETH) on the Ronin network. In April, around 46,000 of that ETH had already been compensated after Binance provided a bridge to its exchange so that users could swap out wETH for ETH.
Likewise, liquidity was sourced from the Axie Infinity balance and founders’ funds to support the move. Binance also led a $150 million funding round to help Sky Mavis repay Axie Infinity users. The remaining 56,000 of the total stolen ETH belongs to the Axie DAO Treasury and will remain uncollateralized as Sky Mavis “works with law enforcement to recover the funds.”
As part of the revamped bridge design, Sky Mavis has updated the smart contract software to enable validators to set daily withdrawal limits, with the initial amount set at $50 million at this stage. The team also introduced a circuit breaker system that breaks down the monetary value of withdrawals into three tiers.
Tier 1 is for withdrawals less than $1 million and requires 70% of validators to sign off, and tier 2 is for amounts greater than $1 million and requires 90% of validator signatures. Tier 3 is for withdrawals greater than $10 million and requires a 90% validator sign-off.
Thus, Sky Mavis admitted in a postmortem report in late April that its lack of decentralization had made the Ronin bridge vulnerable to the hack. At the time, it had just nine validator nodes, with employees having access to four of them.