Ronin Network breached, $12 million returned by “white hat” hackers


Yesterday, white-hat hackers used an unreported vulnerability on the Ronin bridge to extract $2 million in USDC and 4,000 ETH, totaling $12 million, from the gambling blockchain Ronin Network.

This amount is the maximum of USDC and ETH that can be taken out of the bridge in a single transaction, so this crucial security feature prevented a potentially far larger sum from being stolen.

While carrying out the attack demonstration, the white-hat hackers notified the Ronin Network about the exploit on the bridge. Following confirmation, there was a 40-minute halt on the bridge.

Although a thorough post-mortem will be made public the following week, Ronin has confirmed that the exploit was caused by a recent bridge upgrade, distributed through the governance process, that exposed a security flaw.

Due to the issue, the vote threshold of bridge operators required to enable fund withdrawals was misinterpreted, which allowed unauthorized actors to carry out harmful operations on the bridge. To guarantee that such events won't happen again, the Ronin Network team is working to identify the root cause and has said that the fix will go through extensive audits before being voted on and implemented by the bridge operators.

The bridge will stay on hold and be subjected to extensive inspections before it reopens. At the same time, the Ronin Network said that a new solution created in collaboration with Ronin validators will replace the current structure.

In the meantime, the white hats have returned the entire amount that was taken, and they will also get a fat $500,000 reward for their "forced audit."

Ronin had earlier said that all user payments would be guaranteed and any losses would be entirely reimbursed, even if the hackers did not reply favorably and kept the stolen funds.

It's unclear whether the "researchers" used the bug before or after alerting Ronin to its existence, and whether they asked for a bug bounty in exchange for returning the money. Ronin was approached by BleepingComputer, but our emails have not been returned.

The largest cryptocurrency robbery in modern history was the March 2022 hack of Axie Infinity's Ronin network bridge, which cost $625,000,000 in cryptocurrency.

It later came to light that the breach was carried out by the infamous North Korean hacker group "Lazarus Group," which obtained privileged early access to the target systems using its usual social engineering ruse of a fictitious job interview.

In that instance, the hackers did not return any money, but the authorities were able to retrieve $30 million in September 2022 and an additional $5.8 million in February 2023.

CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.