- Ronin Network’s second hack in two years siphoned over $11 million, raising security concerns within the crypto community.
- The latest Ronin hack involved a Maximal Extractable Value bot withdrawing $11.33 million in ETH and USDC from Ronin Bridge.
- Sky Mavis paused Ronin operations to investigate the hack, assuring users that $850 million in assets are safe.
Ronin Network, the Ethereum Virtual Machine blockchain for play-to-earn games, just experienced its second major attack in around two years. Exploiters took more than $11 million from the protocol.
#PeckShieldAlert @Ronin_Network #whitehacked? or Hacked? (w/ ~ $9.33M) pic.twitter.com/wfaY0zhVdI
— PeckShieldAlert (@PeckShieldAlert) August 6, 2024
According to PeckShield, a blockchain security business, a Maximal Extractable Value (MEV) bot withdrew Ether (ETH) and USD Coin (USDC), valued at $11.33 million, from the network’s Ronin Bridge. The firm speculated on whether the transactions were executed by exploiters or whitehat hackers.
Details of the Latest Hack
In the first transaction, 4,000 ETH worth $9.33 million left the Ronin Bridge to the MEV bot address. In the second transaction, the MEV bot withdrew approximately $2 million worth of USDC. On Uniswap V3, a decentralized exchange, the bot then exchanged it for 796 Wrapped WETH.
Aleksander Leonard Larsen, the co-founder and chief operational officer of Sky Mavis, disclosed that the protocol’s staff had stopped working soon after PeckShield’s notice. They are investigating a report from whitehat hackers about a potential MEV exploit.
The @Ronin_Network bridge has been paused while we investigate a report from whitehats about a potential MEV exploit.
— Psycheout.ron (@Psycheout86) August 6, 2024
We will follow up with more information shortly.
The bridge currently secures over $850M which is safe https://t.co/lUjIIgb1DD
Larsen assured that the Ronin Bridge holds more than $850 million in cryptocurrencies and that all assets are safe. More information will be available after the team completes an in-depth analysis.
Historical Context and Previous Incidents
This latest attack has stirred concerns in the crypto community. They fear a repetition of the incident that shook the network two years ago. In March 2022, Ronin Network fell victim to the largest crypto hack ever, losing roughly $620 million in ETH and USDC due to compromised validator nodes.
Besides, Sky Mavis had offered a $1 million bug bounty in exchange for the funds. However, the attackers revealed to be the notorious North Korean hacking entity Lazarus Group, spread the stolen stash across centralized exchanges, the Bitcoin network, and the crypto mixer Tornado Cash.
Impact and Future Implications
The Ronin Network suffered a hit after the incident. Consequently, it struggled to reimburse affected users. Three months after the attack, the project restarted the bridge, implementing a hard fork that required network validators to update their software.
If the current Ronin hacker proves to be a whitehat hacker, users could get their funds back. However, if not, this will be another loss for crypto investors. In February 2024, wallets belonging to Jeffrey Zirlin, co-founder of Sky Mavis, were hacked for $9.7 million worth of ETH. This raises more concerns about the security of the Ronin Network.