Early Tuesday, the bridge connecting the Ethereum blockchain with the gaming-centric Ronin sidechain was suspended following another breach, resulting in the loss of approximately $12 million in assets. However, most of these funds have since been recovered.
This incident, potentially a “MEV exploit,” was revealed by ethical hackers, according to Ronin co-founder Aleksander Larsen on Twitter. Larsen assured users that the bridge, safeguarding over $850 million in assets, remains secure.
Ronin Exploit
The Ronin team reported that around 4,000 ETH and $2 million in USDC stablecoins were stolen, totaling about $12 million in assets. Safeguards that limit the size of individual withdrawals helped mitigate the impact of the attack. This happened amid the growing popularity of gaming chains and tokens.
By late Tuesday morning, the Ronin team confirmed the return of all the ETH—approximately $10 million—and anticipated the return of the USDC later in the day. They also announced a $500,000 reward for the ethical hackers who identified the exploit and returned the stolen funds.
The Ronin team attributed the exploit to a problem with a bridge upgrade launched earlier that day, which “introduced an issue causing the bridge to misinterpret the required operator vote threshold for fund withdrawals.”
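The quorum misread described above, as an added illustration (not Ronin's bridge code): a withdrawal check that validates the operator vote threshold before trusting it, fails closed on a bad configuration, and applies the kind of per-withdrawal cap the article credits with limiting the damage. Operator names, the 3-of-5 quorum and the cap are constructed sample values.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeConfig:
    operators: frozenset       # operator addresses allowed to vote (hypothetical names)
    vote_threshold: int        # approvals required before a withdrawal is released
    max_withdrawal_wei: int    # per-withdrawal cap, like the limits the article credits

def config_violations(cfg: BridgeConfig) -> list:
    """Invariants an upgrade must satisfy before the bridge is reactivated.
    A threshold of 0 (or one larger than the operator set) is the kind of misread
    quorum rule that lets a withdrawal pass with too few votes."""
    problems = []
    if not cfg.operators:
        problems.append("no operators configured")
    if cfg.vote_threshold < 1:
        problems.append("vote threshold must be at least 1")
    elif cfg.vote_threshold > len(cfg.operators):
        problems.append("vote threshold exceeds operator count")
    if cfg.max_withdrawal_wei <= 0:
        problems.append("withdrawal cap must be positive")
    return problems

def check_withdrawal(cfg: BridgeConfig, amount_wei: int, approvals) -> tuple:
    """Return (approved, reason). Fails closed when the config is invalid."""
    problems = config_violations(cfg)
    if problems:
        return False, "invalid config: " + "; ".join(problems)
    if amount_wei > cfg.max_withdrawal_wei:
        return False, "amount exceeds per-withdrawal limit"
    # Count each operator once and ignore signers that are not operators.
    valid = {a for a in approvals if a in cfg.operators}
    if len(valid) < cfg.vote_threshold:
        return False, f"{len(valid)} of {cfg.vote_threshold} required approvals"
    return True, "approved"

# Constructed sample data: five operators, 3-of-5 quorum, 1000 ETH cap.
OPERATORS = frozenset({"op1", "op2", "op3", "op4", "op5"})
GOOD_CONFIG = BridgeConfig(OPERATORS, vote_threshold=3, max_withdrawal_wei=1000 * 10**18)
# Constructed "bad upgrade": the threshold field is left at 0 after the change.
BROKEN_CONFIG = BridgeConfig(OPERATORS, vote_threshold=0, max_withdrawal_wei=1000 * 10**18)

if __name__ == "__main__":
    print(check_withdrawal(GOOD_CONFIG, 5 * 10**18, ["op1", "op2", "op3"]))
    print(check_withdrawal(GOOD_CONFIG, 5 * 10**18, ["op1", "op1", "outsider"]))
    print(check_withdrawal(BROKEN_CONFIG, 5 * 10**18, ["outsider"]))
    print(check_withdrawal(GOOD_CONFIG, 4000 * 10**18, ["op1", "op2", "op3"]))
```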
Adrian Hetman, head of triaging at blockchain security firm Immunefi, explained that bridge upgrades often present opportunities for attacks as they can create new vulnerabilities between chains.
“Upgrades can introduce new attack vectors, and without proper security measures, they can potentially lead to catastrophic failures,” Hetman said, referencing the 2022 Nomad protocol attack as a prime example.
Ronin’s developers stated that the bridge code would undergo an audit before being reactivated and mentioned plans to collaborate with network validators to transition the bridge’s operation away from its current structure.
Initially developed for Axie Infinity—a popular monster-battling game that saw billions in NFT trading volume in 2021—Ronin has since expanded to include games from other studios, such as the social farming game Pixels.
Currently, Ronin’s native token, RON, has been only slightly affected by the news. Despite a decline in the hours following the attack, RON rebounded slightly and remains up over 2% in the past day, benefiting from a broader market recovery after Monday’s downturn. The token is priced at $1.43 at press time, down 27% over the past week.
This is not Ronin’s first security breach. In March 2022, a significant hack resulted in the loss of $622 million, an attack attributed to North Korea’s Lazarus hacking group by the U.S. Treasury. The bridge was offline for several months but eventually relaunched with enhanced decentralization and user refunds from Sky Mavis.
What Else is There
A more recent incident in February saw $9.5 million in ETH stolen from Ronin wallets, including those belonging to Sky Mavis and Ronin Network co-founder Jeff Zirlin. A comprehensive postmortem report on the incident is expected to be released next week.
Ronin co-founder Aleksander Larsen referred to “MEV” bots, MEV standing for maximum extractable value. These bots are software tools that scan blockchains for profitable opportunities and execute automated transactions to capture them. The use of MEV bots has sparked controversy due to concerns over fairness and network integrity.
Critics argue that MEV bots exploit regular users, increase transaction fees, and centralize power among technologically adept operators by enabling practices like front-running, sandwich attacks, and back-running. Proponents, however, believe these bots enhance market efficiency. This debate underscores the tension between profit-driven behaviors and the blockchain principle of equal access.
This latest incident with Ronin occurs against a backdrop of increasing worries about the security of blockchain bridges. According to a recent report by Immunefi, over $1.19 billion has been lost to hacks and fraud this year, a 16.3% increase compared to the same period last year. Blockchain bridges remain particularly vulnerable to such attacks.
“Bridges handle substantial amounts of money and facilitate large transactions daily,” Immunefi’s Adrian Hetman said. “This makes them an attractive target for black hat hackers aiming to steal funds, as well as for white hat hackers working to safeguard users and the project. It’s crucial to implement stringent internal and external security measures to protect these systems.”