TL;DR
- The Ronin Network, a blockchain platform focused on gaming, announced the return of $10 million in USDC by white hat hackers, who will receive a $500,000 reward for their ethical actions. The network expressed gratitude towards these hackers.
- Earlier, the Ronin Network was alerted by ethical hackers about a potential vulnerability in the bridge. The bridge was paused approximately 40 minutes after the first suspicious activity was detected, preventing more extensive damage.
- The exploit was traced back to a recent update, and the Ronin Network is addressing the root cause with thorough audits before seeking approval from bridge operators for deployment. Negotiations with the ethical hackers are ongoing.
The Ronin Network, a blockchain platform focused on gaming, has announced the return of $10 million in USDC by white hat hackers. These ethical hackers will receive a $500,000 reward for their responsible actions. The Ronin Network expressed gratitude towards these hackers, acknowledging their crucial role in recovering the stolen funds.
Update:
The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty.
The bridge will undergo an audit before it is…
— Ronin (@Ronin_Network) August 6, 2024
In response to the incident, the Ronin Network has announced a comprehensive audit of the bridge before it is reactivated. The network plans to restructure the bridge’s operations, collaborating with Ronin validators to implement a new system.
Updates on these changes will be provided as work progresses. The network also thanked its community and supporters for their patience and backing during this challenging period.
Ronin Network’s Incident Overview
Earlier in the day, the Ronin Network was alerted by ethical hackers about a potential vulnerability in the bridge. Following verification, the bridge was paused approximately 40 minutes after the first suspicious activity was detected.
The attackers managed to withdraw around 4,000 ETH and 2 million USDC, totaling approximately $12 million. This was the maximum limit for a single transaction withdrawal from the bridge. The limit is a safeguard designed to enhance the security of large withdrawals, and it successfully prevented more extensive damage.
Addressing the Root Cause
A recent bridge update has been identified as the source of the exploit. The Ronin Network is actively working to resolve the underlying issue and plans to perform comprehensive audits on the bridge update before obtaining approval from bridge operators for its implementation.
The network is negotiating with the ethical hackers, who have shown good faith. Regardless of the outcome of these negotiations, all user funds are secure, and any shortfalls will be replenished once the bridge is operational again.
Bug Bounty Program
The individuals behind the Ronin Bridge exploit have returned around $10 million worth of stolen Ethereum (ETH). As a reward for their efforts, the white hat hackers will be compensated through the network’s Bug Bounty Program.
The Ronin Network announced in an update that nearly $10 million of the stolen funds has been recovered as of Tuesday. However, about $2 million in USDC stablecoin remains to be returned. In a gesture of goodwill, the network is offering up to $500,000 in rewards to the ethical hackers who helped in this effort.
This reward acknowledges their use of cybersecurity skills to identify the vulnerability, prompting the network to conduct an audit before reopening the bridge for public use. Furthermore, the bridge's operations will move away from the existing framework as Ronin validators work to introduce a new solution.
Tuesday Attack Explained
The report indicates that, because of existing protective measures, the exploiters managed to extract only $12 million. Notably, a bridge limit is in effect that restricts substantial fund withdrawals.
This system halted any additional withdrawals amid the exploit. The gaming-centric blockchain identified the factors that triggered the attack, referencing a recent update and confirming that solutions are already in progress.