Popular crypto bridging service Ronin Bridge was halted on Tuesday after a whitehat hacker, acting ethically to expose a vulnerability, drained roughly $12 million in tokens from the platform.
The incident unfolded when whitehat hackers alerted Ronin Network to a potential exploit on the bridge. “After verifying the reports,” Ronin Network stated on their X (formerly Twitter) account, “the bridge was paused approximately 40 minutes after the first on-chain activity was spotted.”
According to Ronin, a recently deployed bridge upgrade, approved through their governance process, contained a critical flaw. This flaw caused the bridge to misinterpret the number of bridge operator votes required to authorize fund withdrawals. This misinterpretation allowed the whitehat hacker to remove a total of 4,000 ETH (approximately $9.8 million) and $2 million worth of USDC stablecoin.
Collaboration With The “Hacker”
While the incident involved unauthorized access to funds, Ronin developers are reportedly in communication with the whitehat hacker to negotiate the return of the stolen funds. This approach highlights a growing trend within the crypto space where whitehat hackers work with platforms to address vulnerabilities before they are exploited by malicious actors.
The incident reignites concerns about bridge security within the DeFi (decentralized finance) ecosystem. Bridges act as crucial gateways, allowing users to transfer crypto assets between otherwise incompatible blockchains. However, these bridges have become a frequent target for hackers, with Ronin itself suffering a devastating $625 million exploit in 2022.
Despite the incident, Ronin’s native token, RON, remained relatively stable, experiencing a slight increase of 6.1% within the last 24 hours, likely bolstered by a broader market upswing.
This event underscores the ongoing challenge of securing bridges within DeFi. As the popularity of these services continues to rise, developers and security researchers must work together to identify and address vulnerabilities before they are exploited by malicious actors.
Disclaimer: The information in this article is for general purposes only and does not constitute financial advice. The author’s views are personal and may not reflect the views of Chain Affairs. Before making any investment decisions, you should always conduct your own research. Chain Affairs is not responsible for any financial losses.