The imposed security audit prompted the platform to review its defense mechanisms.
Yesterday, a high-profile security incident occurred on the Ronin Network blockchain. White hat hackers exploited a vulnerability in the Ronin bridge and withdrew 4,000 ETH and 2 million USDC, equivalent to $12 million. This is the maximum amount that can be withdrawn in a single transaction, a limit that prevented a potentially larger theft.
The hackers notified the Ronin Network team of the vulnerability while their attack was still in progress. Immediately after the withdrawal of funds, the bridge was suspended for 40 minutes.
Although a detailed analysis of the incident will not be published until next week, Ronin can already say that the cause of the exploit was a recent bridge update deployed through the governance process, which introduced a flaw in the security system.
The error caused the bridge to misinterpret the threshold of operator votes required to authorize a withdrawal of funds, which allowed unauthorized actors to perform malicious actions.
The Ronin Network team is working to address the root cause of the bug and plans to thoroughly review the fixes before they are approved and implemented. The bridge will remain suspended and will undergo intensive checks before being restarted. At the same time, the Ronin Network announced that the current bridge structure will be replaced with a new solution developed in collaboration with Ronin validators.
Meanwhile, the white hat hackers have returned the stolen funds in full and will now receive a reward of $500,000 for their forced security audit. Previously, the Ronin platform stated that all user funds would be safe and that any losses would be fully compensated, even if the hackers did not return the stolen funds.
It is noteworthy that the Ronin Network bridge was already attacked in March 2022. At that time the North Korean group Lazarus, to which the crypto theft was eventually attributed, managed to steal a crazy $625 million, breaking all records for digital financial scams.
Of course, Lazarus did not return the stolen funds, as they immediately went to finance the DPRK's nuclear program. However, law enforcement agencies managed to track down and recover about $30 million in September 2022 and another $5.8 million in February 2023.