Restarting the Ronin sidechain: what happened?

On June 28, 2022, the Ronin sidechain was successfully restarted. The network did not work for several months: its work was stopped after a large-scale hacking of the cross-chain bridge at the end of March. As a result of the attack, the attackers stole cryptocurrencies worth a total of $ 625 million. In this article we have collected all the most important details about Ronin and its relaunch.

Why was the Ronin sidechain needed?

Ronin is a project of Sky Mavis, which develops the popular blockchain game Axie Infinity. Initially, the application worked on Ethereum, but its bandwidth was not enough to process in-game operations.

Then Sky Mavis developed a second—level solution – the Ronin sidechain. The communication channel between it and Ethereum was the Ronin Bridge cross-chain, thanks to which it was possible to transfer assets of the ERC-20 standard to Axie Infinity.

In 2021, the popularity of the game increased dramatically: only from May 2021 to January 2022, 1.44 million buyers made approximately 12.6 million transactions with non-interchangeable tokens (NFT) in it.

Axie Infinity has become the absolute leader in terms of NFT trading volume: in 2021, the turnover of NFT in this application is estimated at $3.5 billion to $3.85 billion, while the nearest competitor, NBA Top Shot, this figure was only $827 million.

Due to the hype around the game, the sidechain bet paid off. According to analysts, only in November 2021 Ronin processed more than 560% of the total number of transactions in Ethereum.

The speed of Ronin was about 4 times higher than in the Ethereum network. Thanks to Ronin, transactions on the Axie trading platform and the transfer of assets to the network were carried out within a few seconds.

Ronin also solved the problem of high commissions in the network. The fee for gas in Ethereum can range from $100 to $200, which made microtransactions not economical.

In addition, users of the official Ronin Wallet wallet received a certain number of free transactions for performing various actions in Axie Infinity, as well as for storing NFT characters (Axie) or virtual plots of land in the wallet.

How was Ronin hacked?

At the end of March 2022, the Ronin sidechain used in Axie Infinity fell victim to one of the largest hacker attacks in the history of decentralized finance (DeFi).

Using the exploit, the attackers withdrew crypto assets worth more than $625 million: 173,600 ETH and 25.5 USDC.

The developers discovered a security breach only a week after the attack. It turned out that one of the team’s employees was subjected to a phishing attack, as a result of which the attacker gained access to the company’s infrastructure and Ronin validators.

Only 9 validators worked in the Ronin network. At the same time, only 5 of them needed signatures to confirm the transaction. At the time of the attack, Sky Mavis controlled 4 out of 9 validators. Hackers gained control over another missing validator, which was controlled by Axie DAO, using a backdoor connected to the gasless Ronin RPC node.

Such an architecture contradicted basic security rules. Usually, validator nodes in the blockchain are managed by different teams or companies that maintain a distributed structure. The creators of Ronin used a centralized approach — a significant part of the validators belonged to one company. This was a fatal mistake.

Does Ronin have its own token?

At the beginning of 2022, Sky Mavis released the RON token. This asset is intended for project management and is used for transactions on the Ronin network. After the hack, the price of RON began to decline and fell from the level of $2.3 at the end of March 2022 to $0.2 by the end of June.

After the announcement of the sidechain restart, the RON rate increased by about 40% during the week and reached $0.36 by the time of the event. However, observers note a steady decline in revenues of the Axie Infinity blockchain game using Ronin and poor tokenomics of the project.

Which applications worked on Ronin?

In addition to Axie Infinity, the main application of the sidechain was Ronin Wallet, which allowed storing crypto assets related to the game. Also, the decentralized Katana exchange (Ronin DEX) worked in the ecosystem, where it was possible to exchange in-game cryptocurrencies.

What happened after the restart?

The developers of the blockchain game restarted Ronin after updating the security system and conducting several rounds of audit of the Ronin Bridge source code. In addition, they have introduced new security mechanisms, in particular an automatic “switch” that stops the operation of the bridge when trying to pass a suspiciously large swap through it. Currently, Ronin Bridge has a withdrawal limit of $50 million per day.

Immediately after the incident, Sky Mavis increased the number of validators required to confirm transactions in Ronin. The company promised to decentralize the network and bring the number of working nodes to 100, as well as implement a zero-trust architecture.

After the restart, the Ronin Network introduced the institute of “managers” who will vote for the addition of new validators, smart contract upgrades, changing the daily limit for the cross-chain bridge and other major changes in the blockchain.

One of the most important elements of the restart is compensation for stolen funds. Back in April, Ronin developers raised $150 million in funding for this purpose. Sky Mavis promised to pay another $450 million at its own expense.

As stated in the restart statement, all stolen wETH and USDC funds were returned to them, and these funds are fully secured by the corresponding collateral in the Ethereum network. In turn, the fate of another 56,000 wETH stolen from the treasury of Axie DAO remains unknown — they are expected to be returned as a result of an investigation by law enforcement agencies.