Ronin Bridge Exploit Causes Platform Damage of Nearly $10 Million

Key Points:

• The Ronin Network temporarily suspended its bridge after a suspicious transaction of nearly $10 million was detected.
• Security experts suggest the Ronin bridge exploit might involve a Miner Extractable Value (MEV) bot, with speculation that it could be a white-hat hacker aiming to highlight a vulnerability.

The Axie Infinity game’s associated Ronin Network has closed its bridge after detecting a suspicious transaction of nearly $10 million.

Read more: Layer 2 Ronin zkEVM Is Coming Soon To Enhance Blockchain Scalability

Investigation Underway for Ronin Bridge Exploit

A transfer of more than 3,996 ETH at roughly 9:37 a.m. UTC on Tuesday rang the alarm, and subsequently, the bridge went offline at 10:15 a.m. Security experts believe the Ronin bridge exploit could be with a Miner Extractable Value bot that withdrew 4,000 ETH.

Axie Infinity and Ronin Network co-founder Aleksander Larsen announced the suspension on X, citing “a report from whitehats about a potential MEV exploit.” He reassured that the bridge, which holds more than $850 million in assets, is secure. “We will follow up with more information shortly,” Larsen added.

An investigation into the Ronin bridge exploit is already underway, with many in the community speculating that the transaction may have been performed by a white-hat hacker—a cybersecurity expert who works at the moment to bring to the fore the different vulnerabilities in an ethical way rather than posing harm. However, it is still not clear whether the 4,000 ETH would be recovered in full.

Security Setbacks After Previous $600 Million Hack

Ronin Network has committed to an independent audit of the bridge update and will not deploy it until the bridge operators approve it. The network stated, “all user funds are safe and any shortfalls will be re-deposited into the bridge when it opens up.”

It’s not the first time that security has been an issue for Ronin. In 2022, an Ethereum sidechain lost $600 million due to the compromise of validator node keys. At that time, the vulnerability was caused by an update recently made to the bridge, which misinterpreted the threshold of votes required for the withdrawal of funds.