Ronin Network, a leader in the gaming blockchain sector and the backbone of the play-to-earn game Axie Infinity, experienced a major security breach. An exploit caused the network to lose approximately $9.8 million worth of Ether (ETH).
Initial reactions labeled this event as another malicious attack. However, new developments hint that a white hat hacker might have conducted it, and the attacker has agreed to return the funds fully. As of the time of writing, the white hat hacker has returned 3,991 ETH.
Was Ronin Exploit Just an Accidental White Hat Operation?
These ethical hackers typically exploit vulnerabilities to expose security flaws, fix the issues, and then return the stolen assets.
The August 6 update from PeckShield proposed that such a white-hat hacker might have carried out the exploit.
Notably, the exploit involves a maximal extractable value (MEV) bot. MEV bots are tools validators use to seek arbitrage opportunities across decentralized finance (DeFi) platforms.
#PeckShieldAlert @Ronin_Network #whitehacked? or Hacked? (w/ ~ $9.33M) pic.twitter.com/wfaY0zhVdI
— PeckShieldAlert (@PeckShieldAlert) August 6, 2024
These bots can automatically implement strategies to capitalize on market price differences. In this case, the transaction was executed by an MEV bot identified as “0x4ab,” which subsequently transferred 3.9 Ether tokens of the funds to a wallet known as “0x952” or “beaver build.”
Ronin Network later confirmed that approximately 4,000 ETH and 2 million USDC were withdrawn—the maximum amounts that could be taken out in a single transaction.
The Axie Infinity contract deployer thanked the hacker for safeguarding user funds.
“Hey, thanks a lot for white-hat saving user funds today,” they said. “Can we chat over Blockscan chat?”
The aftermath of the chat eventually led to a return of all funds. All the Ethers have been sent, and the USDC is expected to be fully returned later today.
Update:
The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty.
The bridge will undergo an audit before it is…
— Ronin (@Ronin_Network) August 6, 2024
It was speculated that the bot may have accidentally front-run the attack. When the ETH was returned, it was worth over $10 million.
From Breach to Resolution: The Return of the Funds
According to data from block explorer Etherscan, the MEV bot that drained the funds has returned nearly all of them.
3,991 ETH was transferred to the Ronin team at 3:04 pm UTC, while the remaining 5 ETH were not returned.
As a sign of goodwill to the Mev Bot owner, the Ronin team announced that the bot’s owner was rewarded $500,000 for discovering the exploit.
The Ronin team further explained that a recent bridge upgrade, deployed via its governance process, introduced an issue that led the bridge to misinterpret the required vote threshold for fund withdrawals.
They are now working on a solution to this problem, with plans for a new bridge upgrade to undergo intensive audits before deployment.
Ronin’s history with security breaches adds context to this latest incident. Just late last year, the Ronin Bridge was hacked for over $600 million in what remains one of the largest crypto heists.
The broader implications of this incident extend to the entire cryptocurrency sector, which has seen a worrying increase in hacks in 2024.
The first quarter alone reported $542.7 million stolen—a 42% rise from the same period in 2023. July was particularly devastating, with over $266 million worth of crypto hacks across 16 incidents, including the $234 million theft from WazirX.