Ronin Bridge Paused After Whitehat Hacker Exposes Vulnerability In $12M Exploit
Ronin paused bridge activity earlier on Tuesday morning after confirming a whitehat hack incident.
- On-chain researcher @pcaversaccio revealed the incident in an X post saying nearly 4k ETH had been drained by an MEV bot.
- The exploit also included $2 million in USDC bringing the total withdrawn to nearly $12 million, Ronin said.
- Co-founder @Psycheout86 said in an X post the more than $850 million secured by the bridge remains safe
The Ronin Bridge Network was on Tuesday briefly paused after a $12 million whitehat hack. On-chain researcher @pcaversaccio revealed the incident in an X post saying nearly 4k ETH worth about $9 million had been drained by an MEV bot, but the bridge activity had since been paused.
MEV bot whitehatted (hopefully) a Ronin Bridge issue for almost ~4k ETH. Bridge got paused already.https://t.co/yfOhS3lPa0 pic.twitter.com/n0M6Hv2A5y
— sudo rm -rf –no-preserve-root / (@pcaversaccio) August 6, 2024
Ronin later confirmed in an X post that 4k ETH worth about $9.8 million and an additional $2 million in USDC had been drained. In an X post, Ronin co-founder @Psycheout86 commented on the incident: “The bridge currently secures over $850M which is safe.”
Ronin Network’s official account followed later with a statement about the incident stating: “Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted.”
“Today’s bridge upgrade, after being deployed through the governance process, introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds.”
Whitehat hackers attack systems to identify potential vulnerabilities. In this case, the attacker was able to withdraw nearly $12 million, which is the maximum possible per transaction.
As of this writing, Ronin Network was in talks with the hackers to organize the return of the funds.
This event takes place barely a week after Ronin Network’s daily active users hit a new record high of 2.1 million on July 29, as players flocked in to play Lumierre and Pixels games.
Pixels joined Ronin Network earlier this year while Lumierre announced the start of its closed beta test (CBT) at the beginning of August.