Blockchain Security Audit Beosin to Track $615M Ronin Hackers: Advice Given to Cross-Chain Bridge Projects

In response to the recent Ronin blockchain attack that saw a whopping $615 million in crypto stolen, Beosin, a blockchain security audit platform, announced that it will be "tracing the whereabouts of the funds."

In addition, the audit platform released a list of suggestions to help other cross-chain bridge projects improve their security.

Beosin Announces Investigation Into the Ronin Hack

In an official blog post, Beosin, the blockchain security audit platform, said it will be investigating how the breach happened while trying to track where the funds went. The breach saw a total of 173,600 Ethereum (ETH) and 25.5 million USDC stolen from Ronin.

In response to the Ronin Network's tweet regarding the security breach, Beosin said that it will be looking into the exploit. Per a tweet by Wu Blockchain, it took a total of six days to discover that money was stolen due to the breach of five private keys.

On top of Beosin's commitment to track down the hackers, the audit platform also released a number of suggestions for other cross-chain bridge projects. These suggestions are reportedly given to help them improve their security.

Suggestions Given by Beosin for Cross-Chain Bridge Projects

First Suggestion

The first suggestion was for them to give more attention to their signature server's security. By making sure sensitive information is kept in secure storage, cross-chain bridge projects can avoid unnecessary vulnerabilities that can later be used in exploits.

Second Suggestion

The second suggestion was that, should a cross-chain bridge project's signature service go offline, the network has to update its security policy, close the corresponding functioning service models, and also consider the risks of a compromised signature account address.

Third Suggestion

The third suggestion deals with multi-signature verification. Beosin says that the multi-signature service should be isolated logically while the verification process of the signature content has to happen independently.

Beosin's suggestion is to make it impossible for subset verifiers to request a signature directly from the verifiers themselves. As per an official posting by Ronin, the Ronin chain currently has nine validator nodes.

With only nine validator nodes, this means that only five are needed in order to recognize a withdrawal. The hackers were able to gain control of four validators while employing a "third-party validator that was run by Axie DAO."

Last Advice Given

The last suggestion is that all transactions within the project should be monitored in real time, with real-time alerts for "abnormal transactions."

Because it took six days before Ronin was able to find out about the hack, notifications regarding the abnormal transactions might have been missed.
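
A minimal sketch of the kind of real-time check the last suggestion describes, added here as an illustration and not taken from Beosin or Ronin: each bridge withdrawal is compared against the recent per-asset median and flagged when it is far above it. The event format, the `WithdrawalMonitor` class, the thresholds, and the sample events are all constructed assumptions; only the two large amounts reuse the totals reported above.

```python
from collections import defaultdict, deque
from statistics import median

# Constructed sample events: (unix_time, asset, amount). Not real chain data;
# the two large withdrawals reuse the totals reported in the article.
EVENTS = [
    (1000, "ETH", 12.0), (1060, "ETH", 8.5), (1120, "USDC", 4000.0),
    (1180, "ETH", 15.0), (1240, "USDC", 2500.0), (1300, "ETH", 10.0),
    (1360, "USDC", 6000.0), (1420, "ETH", 9.0), (1480, "USDC", 3000.0),
    (1540, "ETH", 173600.0), (1600, "USDC", 25500000.0), (1660, "ETH", 11.0),
]

class WithdrawalMonitor:
    """Flags withdrawals far above the recent per-asset median (hypothetical helper)."""

    def __init__(self, window=50, min_history=3, multiple=20.0):
        self.min_history = min_history  # do not alert until a baseline exists
        self.multiple = multiple        # alert when amount > multiple * median
        self.history = defaultdict(lambda: deque(maxlen=window))

    def observe(self, ts, asset, amount):
        """Return an alert dict if the withdrawal is abnormal, else None."""
        past = self.history[asset]
        alert = None
        if len(past) >= self.min_history:
            baseline = median(past)
            if baseline > 0 and amount > self.multiple * baseline:
                alert = {"ts": ts, "asset": asset, "amount": amount,
                         "baseline": baseline, "ratio": amount / baseline}
        # Only normal-looking withdrawals update the baseline, so one large
        # transfer cannot raise the threshold for the transfers that follow.
        if alert is None:
            past.append(amount)
        return alert

def scan(events, **kwargs):
    """Run a fresh monitor over an event stream and collect the alerts."""
    monitor = WithdrawalMonitor(**kwargs)
    return [a for a in (monitor.observe(*e) for e in events) if a]

if __name__ == "__main__":
    for alert in scan(EVENTS):
        print("ALERT t={ts} {asset} {amount:,.0f} "
              "({ratio:,.0f}x median {baseline:,.0f})".format(**alert))
```

In a deployment the alert would page an operator or pause withdrawals rather than print, and the thresholds would be tuned per asset.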

This article is owned by Tech Times

Written by Urian B.
