Sky Mavis, the developer studio of popular NFT game Axie Infinity, is ramping up efforts to secure its networks. The firm is offering up to $1 million (roughly Rs. 7.5 crore) as a bug bounty to developers who can identify security loopholes in its networks. The step follows a major hack that drained $625 million (roughly Rs. 4,729 crore) from Sky Mavis’s Ronin Network. The Ronin Network is an Ethereum-linked sidechain built by Sky Mavis specifically for blockchain gaming.
In a detailed blog post, Sky Mavis has called for responsible disclosure of security vulnerabilities that may affect its operations and users.
“While researching, we’d like to ask you to refrain from doing automated testing, denial of service, spamming, spoofing, and phishing. Performing further attacks once you have proof of Remote Control Execution (RCE) attacks may have your bounties forfeited,” the policy section of the bug bounty programme read.
“Only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards. Determination of whether a reported issue sufficiently meets the bar for monetary rewards is done at Sky Mavis’s discretion,” the blog added.
The attack on the Ronin Network was discovered by Sky Mavis on March 23 and is the largest-ever haul extracted in a blockchain hack.
The attacker had gained control of Sky Mavis’s four Ronin validators and a third-party validator run by Axie DAO (decentralised autonomous organisation).
A legal investigation is underway in the case.
Sky Mavis has, meanwhile, raised $150 million (roughly Rs. 1,142 crore) in a recent funding round led by crypto exchange Binance. The funds will be used to reimburse victims of the Ronin attack.
2/ While racing for main-stream adoption, we made some trade-offs that ended up leaving us vulnerable.
It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin moving forward. We’re confident that we will come out stronger and wiser from this.
— Axie Infinity🦇🔊 (@AxieInfinity) April 6, 2022