{"id":15871,"date":"2024-08-06T14:36:56","date_gmt":"2024-08-06T11:36:56","guid":{"rendered":"https:\/\/forklog.com\/en\/ronin-sidechain-experiences-11-million-breach-funds-later-returned\/"},"modified":"2024-08-06T14:36:56","modified_gmt":"2024-08-06T11:36:56","slug":"ronin-sidechain-experiences-11-million-breach-funds-later-returned","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/ronin-sidechain-experiences-11-million-breach-funds-later-returned\/","title":{"rendered":"Ronin Sidechain Experiences $11 Million Breach, Funds Later Returned"},"content":{"rendered":"<p>The Ronin sidechain, integral to the blockchain game Axie Infinity, has reportedly suffered another hacking incident, according to analysts at PeckShield.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> <a href=\"https:\/\/twitter.com\/Ronin_Network?ref_src=twsrc%5Etfw\">@Ronin_Network<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/whitehacked?src=hash&#038;ref_src=twsrc%5Etfw\">#whitehacked<\/a>? or Hacked? (w\/ ~ $9.33M) <a href=\"https:\/\/t.co\/wfaY0zhVdI\">pic.twitter.com\/wfaY0zhVdI<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1820769744292872240?ref_src=twsrc%5Etfw\">August 6, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>They observed two suspicious transactions: $9.33 million and $2 million.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> Another suspicious txs (w\/ $2M) <a href=\"https:\/\/t.co\/azrh4grUek\">pic.twitter.com\/azrh4grUek<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/1820771481091277119?ref_src=twsrc%5Etfw\">August 6, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The incident may have been caused by a potential MEV vulnerability.<\/p>\n<p>Axie Infinity co-founder Aleksander Larsen stated that they are aware of the situation. The Ronin network has been paused pending investigation.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">The <a href=\"https:\/\/twitter.com\/Ronin_Network?ref_src=twsrc%5Etfw\">@Ronin_Network<\/a> bridge has been paused while we investigate a report from whitehats about a potential MEV exploit. <\/p>\n<p>We will follow up with more information shortly.<\/p>\n<p>The bridge currently secures over $850M which is safe <a href=\"https:\/\/t.co\/lUjIIgb1DD\">https:\/\/t.co\/lUjIIgb1DD<\/a><\/p>\n<p>\u2014 Psycheout.ron (@Psycheout86) <a href=\"https:\/\/twitter.com\/Psycheout86\/status\/1820771028420739140?ref_src=twsrc%5Etfw\">August 6, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>According to Larsen, the bridge&#8217;s liquidity of over $850 million remains secure.<\/p>\n<div class=\"wp-block-text-wrappers-update-2 article_update\"><time class=\"gtb_text-wrappers_update_time\">8 August 2024 | 10:33<\/time><span class=\"gtb_text-wrappers_update_head\">Update: <\/span><\/p>\n<p>Hours after the breach, the hacker returned all stolen funds: 4000 ETH and <a href=\"https:\/\/x.com\/Ronin_Network\/status\/1820877044994973731\">2 million USDC<\/a>.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Update:<\/p>\n<p>The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty. <\/p>\n<p>The bridge will undergo an audit before it is\u2026<\/p>\n<p>\u2014 Ronin (@Ronin_Network) <a href=\"https:\/\/twitter.com\/Ronin_Network\/status\/1820846361945792751?ref_src=twsrc%5Etfw\">August 6, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>As a reward for identifying the vulnerability, the Ronin team will award $500,000.<\/p>\n<p>Developers indicated the vulnerability arose from a bridge update, which led to incorrect interpretation of the required operator voting threshold for fund withdrawals.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted.<\/p>\n<p>The actors withdrew ~4K ETH and 2M USDC, valued at ~$12M, which\u2026<\/p>\n<p>\u2014 Ronin (@Ronin_Network) <a href=\"https:\/\/twitter.com\/Ronin_Network\/status\/1820804772917588339?ref_src=twsrc%5Etfw\">August 6, 2024<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Before relaunching, the project team will conduct a mandatory audit of the sidechain.<\/p>\n<\/div>\n<p>Back in 2022, the Ronin breach marked the largest cyberattack on the DeFi segment, with perpetrators stealing over $625 million.<\/p>\n<p>In February 2024, Axie Infinity and Sky Mavis co-founder Jeffrey Zirlin <a href=\"https:\/\/forklog.com\/en\/news\/hackers-steal-9-7-million-from-sky-mavis-co-founder\">had $9.7 million stolen<\/a> from personal wallets.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Ronin sidechain, integral to the blockchain game Axie Infinity, has reportedly suffered another hacking incident, according to analysts at PeckShield. #PeckShieldAlert @Ronin_Network #whitehacked? or Hacked? (w\/ ~ $9.33M) pic.twitter.com\/wfaY0zhVdI \u2014 PeckShieldAlert (@PeckShieldAlert) August 6, 2024 They observed two suspicious transactions: $9.33 million and $2 million. #PeckShieldAlert Another suspicious txs (w\/ $2M) pic.twitter.com\/azrh4grUek \u2014 PeckShieldAlert [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":15870,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1581,44,1359],"class_list":["post-15871","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-axie-infinity","tag-cybercrime","tag-ronin"],"aioseo_notices":[],"amp_enabled":true,"views":"29","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/15871","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=15871"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/15871\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/15870"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=15871"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=15871"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=15871"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}