Sky Mavis exec takes blame for the biggest DeFi hack in history
- Sky Mavis switched from Ethereum to the faster but less secure Ronin
- Only a few validators, overseen by Sky Mavis, authenticated Ronin
- Sky Mavis will add more validators to prevent further exploits
Aleksander Larsen, chief operating officer of Sky Mavis, the company behind the play-to-earn game Axie Infinity, apologized for security vulnerabilities that cost players $625 million in what was probably the biggest DeFi hack ever.
Larsen told CoinDesk TV in an interview:
“These are the players that deposited their funds into the Ronin network, and who trusted us, and we failed to live up to that trust. When you’re going 100 miles per hour, sometimes it goes a little bit heavy around the bend. I think that’s what happened here. So, lesson learned, we’re taking full responsibility for this internally.”
Crypto platforms are launching projects that are relatively centralized and decentralize progressively as they accumulate users and their technology evolves.
Sky Mavis moved to Ronin to speed up transactions
To speed up transactions and allow for more of them, Sky Mavis switched from the decentralized Ethereum Mainnet to Ronin, which is more affordable and faster but more centralized: only a few validators, overseen by Sky Mavis, authenticated the network. Ronin is connected to Ethereum by a “bridge”.
Larsen admitted Sky Mavis didn’t achieve decentralization quickly enough, leaving users exposed.
Future prevention: adding validators
Sky Mavis will add more validators to prevent further exploits. Ronin will require 10 out of 11 validators to approve transactions. Previously, the threshold was five out of nine.
Sky Mavis didn’t find out about the attack until six days had passed. The company is now considering a circuit breaker system to flag particularly large fund transfers from the Ronin network taking place at the same time. If such transfers are detected, validators will begin verifying the transaction and the bridge will be shut down temporarily.
Compensating the victims
According to Larsen, the Sky Mavis team is working on replacing the lost funds and is also raising funds externally. Although crypto is a notoriously risky space, “users shouldn’t lose their funds in a situation like this, it’s our responsibility,” he said.
Recently, Sky Mavis announced it had initiated a funding round to compensate the victims of the Ronin attack. The Binance-led round has raised $150 million.
The team is collateralizing parts of the Axie Infinity treasury at the moment. This means any funds recovered from the hack will be restored to the Axie Infinity treasury over time.