Ronin network falls victim to another exploit
The Ronin Network, a blockchain platform tailored for play-to-earn gaming and based on the Ethereum Virtual Machine, has been compromised once again, marking its second significant security breach in two years. Over $11 million has been illicitly transferred out of the network.
Blockchain security entity PeckShield disclosed via 𝕏 that a Maximal Extractable Value (MEV) bot extracted funds in Ether (ETH) and USD Coin (USDC) amounting to $11.33 million from the Ronin Network’s bridge. The nature of these transactions, whether they were conducted by malicious actors or benign hackers aiming to highlight vulnerabilities, remains under speculation.
In the initial transaction, the MEV bot diverted 4,000 ETH, valued at approximately $9.33 million, from the Ronin Bridge. Following this, the bot transferred close to $2 million in USDC, converting it to 796 Wrapped Ether (WETH) through a swap on the Uniswap V3 decentralized exchange.
Following PeckShield’s notification, Sky Mavis’ co-founder and COO, Aleksander Leonard Larsen, announced that they have temporarily halted the Ronin Network’s operations to closely investigate a potentially exploitative MEV maneuver, as flagged by benevolent hackers.
Larsen assured that the Ronin Bridge's reserves, surpassing $850 million in various crypto assets, remain secure. He noted that comprehensive details concerning the breach will be shared upon concluding a detailed investigation.
This latest breach of Ronin's defenses has rekindled worries within the cryptocurrency community, reminding many of a significant incident two years prior. In March 2022, Ronin was the target of an unprecedented heist, with attackers draining about $620 million in ETH and USDC by compromising the network's validator nodes.
In response, Sky Mavis offered a bug bounty of $1 million for the return of the lost funds. However, the culprits, identified as the infamous North Korean cybercriminal group Lazarus Group, had already laundered the funds through centralized exchanges, the Bitcoin blockchain, and the crypto mixing service Tornado Cash.
The network faced significant challenges in recovering from the aftermath of this violation, taking three months to reopen the bridge with a mandatory software update for its validators through a hard fork.
The issue of security breaches extends beyond the Ronin Network itself; Jeff Zirlin, one of its co-founders, earlier this year fell victim to hackers, losing $10 million in ETH due to vulnerabilities in his wallet’s security.