News
Ronin Bridge Paused, Restarted After $12M Drained in Whitehat Hack
-
Ronin, a bridging service, was paused after $12 million in tokens were drained from the platform.
-
The exploit was conducted by so-called whitehat hackers and talks about returning the tokens are occurring.
Prominent crypto bridging service Ronin was paused earlier Tuesday after a whitehat hack drained $12 million in tokens from the platform.
"Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted," Ronin Network posted on X .
"Today’s bridge upgrade, after being deployed through the governance process, introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds."
A total of 4,000 ether (ETH) , worth about $9.8 million at current prices, and $2 million worth of USDC was withdrawn from the bridge. Ronin developers are in talks with the hackers over returning the funds.
MEV bot whitehatted (hopefully) a Ronin Bridge issue for almost ~4k ETH. Bridge got paused already. https://t.co/yfOhS3lPa0 pic.twitter.com/n0M6Hv2A5y
— sudo rm -rf --no-preserve-root / (@pcaversaccio) August 6, 2024
"Whitehat" typically refers to an individual or entity that attacks or exploits software to identify security vulnerabilities so they can be fixed before being exploited by attackers. Bridges are tools used to transfer tokens between different blockchains where they weren’t originally supported.
In 2022, Ronin Network suffered a $625 million exploit after a hacker “used hacked private keys in order to forge fake withdrawals.” At the time it was one of the largest attacks in decentralized finance (DeFi).
Ronin’s RON tokens, up 6.1% in the past 24 hours amid a broader market rise, were little changed after the announcement.
UPDATE (AUG 6, 13:52 UTC) : Updates amount withdrawn to $12 million; adds response from Ronin Network, link to 2022 Ronin Network exploit.