The Ronin Network has fallen victim to another exploit, with attackers successfully withdrawing approximately 4,000 ETH and 2 million USDC, valued at around $12 million.
The incident, which occurred today, August 6, 2024, was first reported by blockchain analytics platform PeckShield Alert a few hours ago. The Ronin team confirmed it two hours later, stating that some white-hat hackers had alerted them to a potential vulnerability in the Ronin bridge.
Upon verifying these reports, the team quickly paused the bridge. According to the team, that was approximately 40 minutes after the first suspicious on-chain activity was detected. However, the attackers managed to withdraw the maximum amount of ETH and USDC allowed in a single transaction; that per-transaction limit is a built-in safeguard designed to limit potential damage from such exploits.
The Ronin team explained that a bridge upgrade earlier in the day inadvertently introduced an issue causing the bridge to misinterpret the required vote threshold for approving fund withdrawals. They noted that they are actively working on a solution to address this issue and will conduct thorough audits before re-deploying the bridge, pending a governance vote by bridge operators.
The team also stated that it would release a post-mortem report next week, detailing the technical aspects of the exploit and outlining preventive measures.
Negotiations with the actors, believed to be white-hat hackers, have begun and are progressing positively. The Ronin team assured users that all user funds are safe and that any shortfalls will be covered when the bridge reopens, regardless of the outcome of the negotiations.
This latest exploit adds to the network’s troubled history with security breaches. In March 2022, Ronin suffered one of the largest DeFi exploits in history, losing over $625 million in USDC and Ether (ETH) when attackers compromised validator nodes operated by Sky Mavis, the creators of the popular game Axie Infinity. The breach went undetected for several days, with the attackers exploiting a backdoor in the network’s RPC node to authorise fraudulent withdrawals.