Sky Mavis, the developer of non-fungible token-based game Axie Infinity, Wednesday announced that it has raised an additional $150 million in venture funding. The company says the money “will be used to reimburse user funds affected by the Ronin Validator Hack,” which purged over $625 million worth of crypto from the Axie Infinity ecosystem last month.
The new funding round is being led by major crypto exchange Binance, which has also stepped in to provide Ethereum withdrawals and deposits to Axie Infinity players for the time being. The “bridge” between Axie Infinity‘s Ronin sidechain and the decentralized Ethereum blockchain remains closed, however, pending “a security upgrade and several audits, which can take several weeks,” Sky Mavis wrote.
Beyond the $150 million cash infusion, Sky Mavis said it will use “Sky Mavis and Axie balance sheet funds [to] ensure that all users are reimbursed.” The remaining $475 million needed to make the marketplace whole could be a significant drag for Sky Mavis, which raised $152 million last October in a deal that valued the company at nearly $3 billion.
While the wider Ronin ecosystem has a total market cap of nearly $5 billion, most of those crypto assets are spread across player-owned assets. Sky Mavis’ own funds come primarily from the 4.25 percent fee it charges per transaction for the game’s “Axie” NFTs.
Sky Mavis hasn’t totally given up on working with law enforcement to recover the stolen funds, nor has it stopped its “thorough investigation” of the hack. The Axie DAO, which lost 56,000 ETH (about $180 million) from its treasury in the hack, says it will wait two full years for a potential recovery before it votes on what to do about the undercollateralized shortfall.
Sky Mavis has determined that the hack was an “external breach” and a “socially engineered” attack on the validator network for its Ronin sidechain. Sky Mavis admits that “the root cause of the breach was the small validator set which made it much easier to compromise the network.” Four of the nine compromised validators for the network were directly under Sky Mavis’ control, while the fifth, which provided a majority, was controlled by the Axie DAO and was accessed through an unclosed backdoor.
To prevent similar attacks in the future, Sky Mavis says it has already replaced its former validators and will be expanding the network from nine to 21 distinct validator nodes in the next three months. Control of those validators “will be…split between various stakeholders, including partners, community members, and long-term allies,” Sky Mavis said.
“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack,” Sky Mavis wrote. “It’s a lesson that we’ve learned the hard way. A lesson that will guide how we build Ronin out moving forward. We’re confident that we will come out stronger and wiser from this.”