Ronin Network, the blockchain behind the Axie Infinity game faced a serious security breach.
The network lost nearly $9.8 million worth of ETH in what initially seemed to be a malicious attack.
Major security breach, but with a twist
White hat hackers exploit vulnerabilities to showcase security flaws, allowing them to be fixed before malicious actors can take advantage.
They are often rewarded with bug bounties, which is better incentive than loot some money and hiding from the authorities.
The Ronin exploit might have been such an operation. The incident involved a maximal extractable value (MEV) bot, a tool used by validators to find arbitrage trading opportunities in decentralized finance platforms.
In this case, the MEV bot, identified as “0x4ab,” executed a transaction and transferred 3.9 ETH to a wallet labeled “0x952” or “beaver build.”
Ronin Network confirmed that around 4,000 ETH and 2 million USDC were withdrawn—the maximum amounts allowed in a single transaction.
The Axie Infinity contract deployer thanked the hacker for protecting user funds and initiated a conversation to facilitate the return of the assets.
It’s payday for the hacker
The dialogue led to the return of all the stolen funds. Etherscan’s data shows the MEV bot returned 3,991 ETH to the Ronin team at 3:04 pm UTC.
The remaining 5 ETH were not returned, but the bot owner received a $500,000 reward for discovering the exploit.
Ronin Network explained that a new bridge upgrade, deployed through its governance process, introduced a flaw that caused the bridge to misinterpret the required vote threshold for fund withdrawals.
The network is now addressing this issue and plans a new bridge upgrade, which will undergo thorough more careful audits before deployment.
Looks like Ronin hacks are back on the menu?
This incident is not Ronin Network’s first time with security breaches. Last year, the Ronin Bridge was also hacked, resulting in over $600 million in losses, marking one of the largest crypto heists in history.
