August 7, 2024 at 07:11PM
Ronin Network’s blockchain experienced a security breach as white hat hackers exploited an undocumented vulnerability, withdrawing $12 million in assets. They promptly notified Ronin about the breach, and the bridge was halted for verification. A post-mortem revealed a flaw in a recent bridge update, prompting Ronin to develop a new solution and work on a fix. White hat hackers returned the funds and will receive a $500,000 reward. Previous lapses led to a $625 million loss from a hack by the ‘Lazarus Group,’ with partial recovery by law enforcement.
The key takeaways are:
– Ronin Network suffered a security incident where white hat hackers exploited an undocumented vulnerability on the Ronin bridge, withdrawing 4,000 ETH and 2 million USDC, totaling $12 million.
– The exploit was due to a recent bridge update that introduced a security flaw: the bridge misinterpreted the required vote threshold of bridge operators, allowing unauthorized actors to perform damaging actions.
– The bridge was paused for 40 minutes, and a detailed post-mortem will be released next week.
– The Ronin Network is working on resolving the root cause and will undergo thorough audits before deploying a fix.
– The bridge will remain paused and undergo intensive checks before reopening, with plans to abandon the current structure for a new solution developed with Ronin validators.
– The white-hats have returned the stolen funds and will receive a $500,000 bounty for their “forced audit.”
– Earlier lapses in Ronin bridge security were highlighted, including a hack in March 2022 that led to significant losses.
These takeaways provide a clear understanding of the security incident, the response from Ronin Network, and the planned actions to prevent similar incidents in the future.