Ronin Bridge Stolen for $12 Million, Is It a Small Bug or a Big Trouble?

Asher
1 month ago
Fortunately, the hackers have returned the stolen assets.

Original | Odaily Planet Daily ( @OdailyChina )

Author | Asher ( @Asher_0210 )


Yesterday afternoon (August 6), according to Paidun monitoring, the gaming blockchain Ronin was suspected to have been hacked, and about 4,000 ETH and 2 million USDC were stolen, worth about 12 million US dollars.


4,000 ETH stolen


About 2 million USDC stolen

Ronin was stolen again? The first reaction from various communities was disbelief. “Everyone is looking forward to the launch of popular games like Pixels on the Ronin ecosystem again. How could a theft happen at this time?” Some people even joked, “Can we take the opportunity to buy it at a low price? After all, it is unlikely that they will be attacked twice in one year!”

After the theft spread quickly in the community, the price of RON fell further in its original downward trend, falling to as low as $1.25, a drop of more than 8% in a short period of time.


Image source: coingecko

The team responded immediately: Ronin Bridge has been temporarily suspended and more information will be released later

In response to the community's concern about the Ronin Bridge being attacked, Ronin COO Psycheout immediately posted on the X platform that the Ronin Network bridge has been suspended while the team investigates a white hat hacker's report on a potential MEV vulnerability. The team will release more information soon, and he emphasized that the Ronin Bridge currently secures more than $850 million in funds.


Ronin COO's response to the theft

Meanwhile, Ronin also posted on the X platform that earlier today, a white hat informed Ronin of a possible vulnerability. After verifying the report, the Ronin bridge was suspended about 40 minutes after the first on-chain operation was discovered. The attacker withdrew about 4,000 ETH and 2 million USDC, worth about $12 million, which is the maximum amount of ETH and USDC that can be withdrawn from the bridge in a single withdrawal transaction. The bridge limit is an important safeguard for large fund withdrawals and effectively prevented further damage from this vulnerability.

Ronin said that due to an issue introduced after the bridge upgrade was deployed through the governance process, the cross-chain bridge misinterpreted the bridge operator voting threshold required to withdraw funds. Efforts are currently underway to find a solution to the root cause. The bridge update will be subject to a rigorous audit, and then the bridge operators will vote on whether to deploy it. Negotiations are currently underway with these seemingly white hat hackers, who have responded in good faith. Regardless of the outcome of the negotiations, all user funds are safe, and any shortfall will be re-deposited when the bridge is reopened. Post-mortem analysis results will be shared next week, covering the technical details and the measures planned to prevent similar incidents in the future.

Cause of the vulnerability: The Ronin Bridge vulnerability was caused by the weight being modified to an unexpected value, and funds could be withdrawn without multi-signature consent

After the theft, the Beosin security team analyzed that the root cause of the abnormal behavior was that when the project upgraded the contract, the operator weight required for cross-chain transaction confirmation was not initialized properly, leaving the minimumVoteWeight parameter in the contract at zero, so that anyone's signature could pass the cross-chain verification. At present, the Ronin bridge has lost 3,996 ETH, and the funds are held at 0xc6aec68dd6272efcbc74fb5308fe7f070437465e (this address is an MEV bot, so it is speculated that this may be white hat behavior).


Ronin Bridge Vulnerability Analysis
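To make the Beosin finding concrete, here is a constructed model of a weighted-vote bridge withdrawal (added example, not Ronin's or Beosin's code; the operator names, weights and per-transaction caps are made up). It shows why a zero minimumVoteWeight lets an unknown signer release funds, how the per-transaction cap still bounds the loss, and the invariant an operator could check before voting to deploy an upgrade.

```python
from dataclasses import dataclass


@dataclass
class Bridge:
    operator_weight: dict      # operator -> voting weight (constructed values)
    minimum_vote_weight: int   # total weight required to release funds
    max_per_tx: dict           # token -> cap on a single withdrawal

    def _approved_weight(self, signers):
        # Only registered operators contribute weight; unknown signers count as 0.
        return sum(self.operator_weight.get(s, 0) for s in set(signers))

    def withdraw_vulnerable(self, token, amount, signers):
        # Bug pattern from the article: the comparison itself looks reasonable,
        # but if an upgrade left minimum_vote_weight at 0, a signer set whose
        # total weight is 0 satisfies ">=" and the withdrawal is approved.
        if amount > self.max_per_tx[token]:
            return False           # the per-transaction cap still limits damage
        return self._approved_weight(signers) >= self.minimum_vote_weight

    def withdraw_hardened(self, token, amount, signers):
        # Hardened: refuse to run on a threshold that cannot have been initialized,
        # and require strictly positive weight from known operators.
        if self.minimum_vote_weight <= 0:
            raise RuntimeError("bridge not initialized: minimum_vote_weight must be > 0")
        if amount > self.max_per_tx[token]:
            return False
        weight = self._approved_weight(signers)
        return weight > 0 and weight >= self.minimum_vote_weight


def check_upgrade_invariants(bridge):
    """Post-upgrade sanity check: the threshold must be positive and
    reachable by the registered operators, otherwise the deploy vote should fail."""
    total = sum(bridge.operator_weight.values())
    return 0 < bridge.minimum_vote_weight <= total
```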

Fortunately, the attacker was indeed a white hat hacker. According to the information released by Ronin on the X platform, the white hat hacker has returned about $10 million in ETH and 2 million USDC, and Ronin stated that its bug bounty program will reward the white hat with a bounty of $500,000. At the same time, the Ronin bridge will be audited before reopening, and updates will be provided as the audit progresses.

Ensuring the safety of funds is always the top priority

The Ronin theft incident has caused strong negative emotions in the community because the Ronin chain has been hacked several times before, further heightening everyone's sensitivity and panic about security issues. Fortunately, this incident only involved a white hat hacker, and user funds on the Ronin chain are safe.

However, according to a recent report from blockchain intelligence firm TRM Labs, hackers stole more than twice as much cryptocurrency (in dollar value) in the first half of 2024 as in the first half of 2023. Data shows that as of June 24 this year, the total amount of cryptocurrency thefts reached $1.38 billion, compared with $657 million in the same period of 2023. The five largest hacking incidents so far this year accounted for 70% of the total amount stolen. It can be seen that with the rapid development of the Web3 industry, the amount of stolen funds has increased significantly. Therefore, whether it is users or project parties, ensuring the security of funds is always the top priority. For project parties, a theft will result in the loss of a large number of real users; for users, a theft may mean a year of work in vain.

Original article, author: Asher. For reprints, content collaboration or reporting, please contact report@odaily.email; illegal reprinting will be prosecuted according to law.

ODAILY reminds readers to form sound views on money and investment, to view blockchain rationally, and to improve their risk awareness; any illegal or criminal leads discovered can be actively reported to the relevant authorities.
