Bridge Operations at Ronin Network Temporarily Halted Following Discovery of Security Flaw by Ethical Hacker, Potentially Affecting $12 Million in Exploits
In the world of decentralized finance (DeFi), the Ronin Bridge Network experienced a significant event on Tuesday, as approximately $12 million were drained from the network. This incident, which was later confirmed as a whitehat hack, occurred barely a week after the network's daily active users hit a new record high of 2.1 million on July 29.
The bridge, a crucial component of the Ronin Network, was temporarily paused around 40 minutes after the first on-chain action was spotted. The exploit involved an MEV bot, a type of software that can manipulate transaction ordering to extract value from the network. The incident was initially revealed by on-chain researcher @pcaversaccio.
Upon investigation, it was discovered that the hack was due to protocol logic bugs and contract upgrade vulnerabilities. Specifically, the incident was first noticed after a bridge upgrade, which introduced an issue causing the bridge to misinterpret the required operator vote threshold to withdraw funds.
Despite the initial funds being taken, whitehat hackers played a role in recovering approximately $10 million of the stolen assets shortly after the exploit. Negotiations with these whitehat actors have been ongoing, similar to other DeFi exploit cases where hackers agree to return funds in exchange for bounties, although specific details on the current status of negotiations or bounty terms in the Ronin case have not been publicly disclosed.
It's worth noting that the Ronin hack was also linked to advanced threat actors such as North Korea's Lazarus Group, suggesting some sophisticated persistent threats tied to the incident. However, the $12 million figure and whitehat recovery seem to relate to a distinct MEV bot manipulation exploit, rather than the earlier $620 million Ronin breach.
Ronin Network's co-founder @Psycheout86 commented that the bridge currently secures over $850M, implying it remains safe. The popularity of games like Lumierre and Pixels on the network is likely the driving force behind the increase in daily active users, which reached a new record high just before the hack.
Pixels joined Ronin Network earlier this year, and the network has been a popular choice for gamers due to its fast transaction speeds and low fees. The Ronin Bridge Network, which facilitates the movement of assets between the Ethereum blockchain and the Ronin network, is a crucial component of the platform.
As of this writing, Ronin Network is in talks with the hackers to organize the return of the funds. The network's official account later issued a statement about the incident, reassuring users that their assets are safe and that the network is taking necessary steps to prevent such incidents in the future.
This incident serves as a reminder of the challenges and opportunities in the rapidly evolving world of DeFi. As networks continue to grow and innovate, so too do the potential vulnerabilities and threats. However, with vigilant security measures and a robust response system, these challenges can be overcome, as demonstrated by the quick action of the whitehat hackers in this case.
Read also:
- Trade Disputes Escalate: Trump Imposes Tariffs, India Retaliates; threatened boycott ranges from McDonald's, Coca-Cola to iPhones
- Li Auto faces scrutiny after crash test involving i8 model and a truck manufacturer sparks controversy
- Celebrated Title: Cheesemakers Blessed Upon
- Construction and renovation projects in Cham county granted €24.8 million focus on energy efficiency
