Ronin Sidechain Experiences $11 Million Breach, Funds Later Returned
The Ronin sidechain, integral to the blockchain game Axie Infinity, has reportedly suffered another hacking incident, according to analysts at PeckShield.
#PeckShieldAlert @Ronin_Network #whitehacked? or Hacked? (w/ ~ $9.33M) pic.twitter.com/wfaY0zhVdI
— PeckShieldAlert (@PeckShieldAlert) August 6, 2024
They observed two suspicious transactions: $9.33 million and $2 million.
#PeckShieldAlert Another suspicious txs (w/ $2M) pic.twitter.com/azrh4grUek
— PeckShieldAlert (@PeckShieldAlert) August 6, 2024
The incident may have been caused by a potential MEV vulnerability.
Axie Infinity co-founder Aleksander Larsen stated that they are aware of the situation. The Ronin network has been paused pending investigation.
The @Ronin_Network bridge has been paused while we investigate a report from whitehats about a potential MEV exploit.
We will follow up with more information shortly.
The bridge currently secures over $850M which is safe https://t.co/lUjIIgb1DD
— Psycheout.ron (@Psycheout86) August 6, 2024
According to Larsen, the bridge’s liquidity of over $850 million remains secure.
Hours after the breach, the hacker returned all stolen funds: 4000 ETH and 2 million USDC.
Update:
The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty.
The bridge will undergo an audit before it is…
— Ronin (@Ronin_Network) August 6, 2024
As a reward for identifying the vulnerability, the Ronin team will award $500,000.
Developers indicated the vulnerability arose from a bridge update, which led to incorrect interpretation of the required operator voting threshold for fund withdrawals.
Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted.
The actors withdrew ~4K ETH and 2M USDC, valued at ~$12M, which…
— Ronin (@Ronin_Network) August 6, 2024
Before relaunching, the project team will conduct a mandatory audit of the sidechain.
Back in 2022, the Ronin breach marked the largest cyberattack on the DeFi segment, with perpetrators stealing over $625 million.
In February 2024, Axie Infinity and Sky Mavis co-founder Jeffrey Zirlin had $9.7 million stolen from personal wallets.
Рассылки ForkLog: держите руку на пульсе биткоин-индустрии!