Ronin Network, a gambling blockchain entity, suffered a security breach after white-hat hackers exploited an unreported flaw in its bridge. The vulnerability allowed the hackers to withdraw 4,000 ETH and 2 million USDC, totalling $12 million.
Reports revealed that this amount is the maximum of ETH and USDC a user may withdraw from the platform's bridge in a single transaction. Hence, fixing the bug is critical to prevent the theft of potentially far larger sums.
Ronin Network suspended the misconfigured bridge after the ethical hackers notified them.
The white-hat hackers informed Ronin Network about the exploit by demonstrating how they executed their attack on the bridge. Once aware of the exploit, the blockchain's team immediately suspended the bridge's withdrawal system.
Although a comprehensive assessment of the exploit will be published next week, Ronin can confirm that it was caused by a recent bridge update distributed via the governance process. Ronin also noted that the flaw caused the bridge to misread the vote threshold required of bridge operators to approve fund withdrawals, allowing unauthorised individuals to carry out illicit actions.
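As an added illustration (not Ronin's code and not the real bridge logic), the model below shows how a governance update that lowers the operator vote threshold too far lets a withdrawal through with no genuine operator votes, and how a hardened bridge rejects such an update and re-checks the quorum at release time. The operator set, the majority floor and the scenario are constructed assumptions; the per-transaction caps are the figures the article quotes.

```python
from dataclasses import dataclass

# Per-transaction caps quoted in the article (4,000 ETH, 2 million USDC).
MAX_PER_TX = {"ETH": 4_000, "USDC": 2_000_000}


@dataclass
class Bridge:
    operators: set          # operator addresses allowed to vote on withdrawals
    threshold: int          # operator votes required to release funds
    hardened: bool = True   # False models an update path with no invariant checks

    def _floor(self, n_operators: int) -> int:
        # Assumed safety floor: a strict majority of operators (not Ronin's real rule).
        return n_operators // 2 + 1

    def apply_update(self, operators: set, threshold: int) -> None:
        """Governance update of the operator set and the vote threshold."""
        if self.hardened and not self._floor(len(operators)) <= threshold <= len(operators):
            raise ValueError(f"threshold {threshold} outside the safe range")
        self.operators, self.threshold = set(operators), threshold

    def authorize(self, asset: str, amount: int, votes: list) -> bool:
        """Return True only if the withdrawal may be released."""
        if amount <= 0 or asset not in MAX_PER_TX or amount > MAX_PER_TX[asset]:
            return False
        valid = {v for v in votes if v in self.operators}  # drops outsiders and duplicates
        if self.hardened and self.threshold < self._floor(len(self.operators)):
            return False  # defence in depth: refuse to release under a bad threshold
        return len(valid) >= self.threshold


def demo() -> dict:
    ops = {"op1", "op2", "op3", "op4", "op5"}
    weak = Bridge(set(ops), 4, hardened=False)
    weak.apply_update(ops, 0)  # a misread threshold is accepted as-is
    hard = Bridge(set(ops), 4)
    try:
        hard.apply_update(ops, 0)
        update_rejected = False
    except ValueError:
        update_rejected = True
    return {
        "weak_releases_without_votes": weak.authorize("ETH", 4_000, ["outsider"]),
        "hardened_rejects_bad_update": update_rejected,
        "hardened_quorum_ok": hard.authorize("ETH", 4_000, ["op1", "op2", "op3", "op4"]),
        "hardened_blocks_vote_stuffing": hard.authorize("USDC", 2_000_000, ["op1"] * 4),
        "hardened_blocks_over_cap": hard.authorize("ETH", 4_001, ["op1", "op2", "op3", "op4"]),
    }


if __name__ == "__main__":
    print(demo())
```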
In the meantime, the Ronin Network team is working on resolving the root cause. The fix will be thoroughly audited before it is voted on and deployed by bridge operators, to ensure that similar incidents do not recur.
The bridge will remain closed and undergo extensive inspection before it is reopened. At the same time, Ronin Network announced that the current bridge design will be retired in favour of a new solution built with Ronin validators.
Meanwhile, the white-hat hackers have returned the stolen assets and will earn a $500,000 reward for their efforts. Ronin had previously stated that even if the hackers did not respond positively and kept the stolen assets, all user funds would be protected and any losses fully repaid.
Lastly, it is unknown whether the hackers exploited the critical vulnerability before or after informing Ronin of the flaw, and whether they sought a bug bounty reward in return for the money.