On August 6, 2024, the Ronin Network, an Ethereum sidechain built for blockchain gaming, suffered a critical security breach when white-hat hackers exploited a vulnerability in its bridge. They withdrew roughly $12 million in total, about 4,000 ETH and 2 million USDC. The root cause was a flaw introduced in a recent bridge update that allowed withdrawals to pass without the required operator approval. The bridge's built-in daily withdrawal limit capped the loss; without it the exposure would have been far larger.
Following the breach, the Ronin team acted quickly: the bridge was paused roughly 40 minutes after the exploit and kept paused while the vulnerability was assessed. The team traced the flaw to the recent update, which failed to properly initialize the vote threshold that bridge operators must meet before a withdrawal is released. With the threshold effectively zero, a withdrawal could clear the check without any operator signatures. The team is now working on a comprehensive fix, which will be audited before it is redeployed.
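To make the failure mode concrete, the following is an added, simplified model of a weighted operator-quorum withdrawal check; it is not the Ronin bridge's code. The operator set, the weights, the receipt ids and the 12,000,000 daily limit are constructed for the example. `vulnerable_withdraw` shows what happens when an upgrade leaves the threshold in storage at its zero default: the comparison `collected * den >= total * num` is `0 >= 0`, so an empty signer set authorises a withdrawal, and only the daily cap bounds the damage. `hardened_withdraw` fails closed on an uninitialised or out-of-range threshold and additionally requires a non-empty quorum of distinct, known operators.

```python
from dataclasses import dataclass, field

# Constructed sample operator set: three equally weighted operators (assumption).
OPERATORS = {"op-a": 1, "op-b": 1, "op-c": 1}
TOTAL_WEIGHT = sum(OPERATORS.values())


@dataclass
class Bridge:
    # Required fraction (num/den) of TOTAL_WEIGHT that must sign a withdrawal.
    # The zero default models a storage slot an upgrade forgot to initialise.
    min_weight_num: int = 0
    min_weight_den: int = 1
    daily_limit: int = 12_000_000   # hypothetical value cap per day
    withdrawn_today: int = 0
    processed: set = field(default_factory=set)   # receipt ids already paid out


def _collected_weight(signers):
    # Count each known operator at most once; unknown names contribute nothing.
    return sum(OPERATORS[s] for s in set(signers) if s in OPERATORS)


def vulnerable_withdraw(bridge, receipt_id, amount, signers):
    """Pre-fix behaviour: the quorum check is evaluated against whatever
    threshold is in storage. With min_weight_num == 0 it reduces to 0 >= 0,
    so a withdrawal with no operator signatures at all is accepted."""
    if receipt_id in bridge.processed:
        return False
    weight = _collected_weight(signers)
    if weight * bridge.min_weight_den < TOTAL_WEIGHT * bridge.min_weight_num:
        return False
    # The only remaining control is the daily cap, which bounds the loss.
    if bridge.withdrawn_today + amount > bridge.daily_limit:
        return False
    bridge.processed.add(receipt_id)
    bridge.withdrawn_today += amount
    return True


def hardened_withdraw(bridge, receipt_id, amount, signers):
    """Post-fix behaviour: refuse to operate on a threshold that was never
    initialised (or exceeds 100%), and require a real operator quorum."""
    if not (0 < bridge.min_weight_num <= bridge.min_weight_den):
        return False   # fail closed rather than treat "unset" as "no quorum needed"
    if receipt_id in bridge.processed or amount <= 0:
        return False
    weight = _collected_weight(signers)
    if weight == 0:
        return False   # at least one distinct, known operator must have signed
    if weight * bridge.min_weight_den < TOTAL_WEIGHT * bridge.min_weight_num:
        return False
    if bridge.withdrawn_today + amount > bridge.daily_limit:
        return False
    bridge.processed.add(receipt_id)
    bridge.withdrawn_today += amount
    return True


if __name__ == "__main__":
    b = Bridge()   # threshold left at its zero default after a hypothetical upgrade
    print("vulnerable, no signers:", vulnerable_withdraw(b, 1, 5_000_000, []))
    print("hardened, no signers:  ", hardened_withdraw(Bridge(), 1, 5_000_000, []))
```

The two checks differ only in what they do with a threshold of zero and an empty signer set; the daily cap is identical in both, which is exactly why it limited rather than prevented the loss described above.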
The white-hat hackers, who reported the vulnerability after carrying out the withdrawal, have returned the funds in full. In recognition of exposing the flaw and assisting with the security review, they will receive a $500,000 bounty. Ronin has also announced that it will retire the current bridge design and build a new one together with the Ronin validators to harden it against similar failures.
This incident follows the March 2022 compromise of the Ronin bridge by the Lazarus Group, which resulted in the theft of roughly $625 million, only part of which was later recovered by law enforcement. Where the 2022 attack relied on compromised validator keys, the 2024 breach shows that an upgrade or configuration error can defeat a bridge's trust model just as effectively. As Ronin moves forward with its new design, the episode underscores the need for continuous vigilance and careful review of every change to critical contracts in the cryptocurrency sector.