Sky Mavis Offers Up to $1 Million in Bug Bounty After Losing $625 Million in Major Hack

Sky Mavis has called out for responsible disclosure of security vulnerabilities that may affect its working and users.

By Radhika Parashar | Updated: 13 April 2022 15:25 IST

Sky Mavis Offers Up to $1 Million in Bug Bounty After Losing $625 Million in Major Hack

Photo Credit: Pexels/ Rodnae Productions

The rewards will be paid in the form of Axie Infinity’s native token AXS

Highlights

Sky Mavis has refrained developers from doing automated testing
Sky Mavis’ bug bounty rewards start from $1000 (roughly Rs. 76,000)
Developers can reach out to Sky Mavis via their website

Sky Mavis, the developer studio of popular NFT game Axie Infinity, is ramping up efforts to secure its networks. The firm is offering up to $1 million (roughly Rs. 7.5 crore) as a bug bounty to developers who could identify security loopholes in its networks. The step follows a mega hack incident that drained Sky Mavis's Ronin Network out of $625 million (roughly Rs. 4,729 crore). The Ronin Network is an Ethereum-linked sidechain built by Sky Mavis for blockchain gaming specifically.

In a detailed blog, Sky Mavis has called out for responsible disclosure of security vulnerabilities that may affect its working and users.

“While researching, we'd like to ask you to refrain from doing automated testing, denial of service, spamming, spoofing, and phishing. Performing further attacks once you have proof of Remote Control Execution (RCE) attacks may have your bounties forfeited,” the policy section of the bug bounty programme read.

[Sponsored] Samsung Galaxy S24: The Ultimate Camera Phone With Smarter On-Device AI

The rewards will be paid in the form of Axie Infinity's native token AXS. As per CoinMarketCap, each AXS is currently priced $48 (roughly Rs. 3,673).

“Only vulnerabilities with a working proof of concept that shows how it can be exploited will be considered eligible for monetary rewards. Determination of whether a reported issue sufficiently meets the bar for monetary rewards is done at Sky Mavis's discretion,” the blog added.

The hack attack on the Ronin Network was discovered by Sky Mavis on March 23, making for the largest-ever loot to have been extracted out of a blockchain hack.

SHIB Value Shoots Up as Robinhood Adds Meme Coin

The attacker had cracked the control of Sky Mavis's four Ronin validators and a third-party validator run by Axie DAO (decentralised autonomous organisation).

A legal investigation is underway in the case.

Sky Mavis has meanwhile, raised $150 million (roughly Rs. 1,142 crore) in a recent funding round led by crypto exchange Binance. The funds will be used to reimburse victims of the Ronin attack.

» Sky Mavis Raises $150M Round Led by Binance to Reimburse Ronin Attack Victims https://t.co/kH368uyvGl
— CZ :large_orange_diamond: Binance (@cz_binance) April 6, 2022

2/ While racing for main-stream adoption, we made some trade-offs that ended up leaving us vulnerable.

It's a lesson that we've learned the hard way. A lesson that will guide how we build Ronin moving forward. We're confident that we will come out stronger and wiser from this.
— Axie Infinity:bat::loud_sound: (@AxieInfinity) April 6, 2022

Overall, cyber criminals last year stole over $1.3 billion (roughly Rs. 9,606 crore) from hacking the blockchain sector, a report by blockchain research firm CertiK had claimed in January.

Why are they still making more Harry Potter? We discuss this on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.

Affiliate links may be automatically generated - see our ethics statement for details.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Cryptocurrency, Sky Mavis, Bug Bounty, Hack Attack, Axie Infinity

Radhika Parashar

Email Radhika

Radhika Parashar is a senior correspondent for Gadgets 360. She has been reporting on tech and telecom for the last three years now and will be focussing on writing about all things crypto. Besides this, she is a major sitcom nerd and often replies in Chandler Bing and Michael Scott references. For tips or queries you could reach out to her at RadhikaP@ndtv.com. More