Crypto bridging service Ronin paused its services after a white hat hacker drained $12 million in tokens from the platform.
The Ronin Network posted on X that it had been alerted by white hats to a potential exploit, and that the bridge was paused 40 minutes after the first on-chain action was detected.
The issue arose from a recent bridge upgrade, which caused the bridge to misinterpret the bridge operators’ vote threshold required to withdraw funds. A total of 4,000 ether (ETH), valued at about $9.8 million, and $2 million worth of USDC were withdrawn. Ronin developers are currently in talks with the hackers to return the funds.
Bridges are crucial tools that allow tokens to be transferred to blockchains where they were not initially supported.
In 2022, Ronin Network suffered a $625 million exploit, one of the largest attacks in decentralized finance (DeFi), when a hacker used compromised private keys to forge fake withdrawals. Despite this history, Ronin’s RON tokens remained relatively stable, up 6.1% in the past 24 hours.
According to blockchain security firm PeckShield, the exploit may have been carried out by a white hat hacker performing tests to identify vulnerabilities in the Ronin bridge. Such hackers typically return stolen funds after proving the presence of bugs. This optimism is supported by the transaction details, which show the involvement of a maximal extractable value (MEV) bot, commonly used by validators for arbitrage opportunities in DeFi.
MEV bots, while generally used for legitimate purposes, can sometimes unintentionally exploit loopholes. The $9.8 million transaction was executed by an MEV bot known as “0x4ab,” which then transferred 3.9 ETH to a wallet known as “beaverbuild,” suggesting the possibility of a white hat operation.
Crypto hacks have been escalating in 2024. The first quarter alone saw $542.7 million stolen, a 42% increase from the same period in 2023. July was particularly severe, with over $266 million stolen across 16 attacks, including a $230 million theft from Indian exchange WazirX, the second-largest hack of the year.
The WazirX hacker has been attempting to funnel the stolen funds, consolidating $57 million worth of ETH into new addresses by July 22.