- Gaming network Ronin has recovered $10 million from an attacker it described as a white hat hacker
- The network said it’s in the process of recovering an additional $2 million
- Ronin suspected the attack was orchestrated through an accidental front-run by an MEV bot
Three years after losing over $540 million to hackers, gaming network Ronin has suffered another attack but managed to recover most of the funds this time. Ronin’s co-founder Aleksander Larsen said that the attacker, whom they suspect to be a white hat hacker, has returned $10 million out of the $12 million siphoned, adding that they’re in the process of recovering the remaining $2 million. Ronin suspected the attack was conducted through an accidental front-run using an MEV (maximum extractable value) bot, an indication that MEV bots are a security threat to blockchain projects.
$500,000 for Being Vigilant and Honest
The attack was first reported by white hat hackers and Ronin responded by halting the network. According to Ronin, the protocol will reward the ethical hackers with a $500,000 bounty “for their vigilance and integrity.”
The @Ronin_Network bridge has been paused while we investigate a report from whitehats about a potential MEV exploit.
We will follow up with more information shortly.
The bridge currently secures over $850M which is safe https://t.co/lUjIIgb1DD
— Psycheout.ron (@Psycheout86) August 6, 2024
The executive also revealed that operations on the Ronin bridge will remain suspended as the team conducts an audit. Larsen added that they intend to change the bridge’s current operation structure.
Update:
The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty.
The bridge will undergo an audit before it is…
— Ronin (@Ronin_Network) August 6, 2024
Ronin’s measures limiting the size of a single withdrawal helped reduce the amount of funds siphoned from the platform. According to the Ronin team, the attack was made possible by a weakness in an upgrade initiated shortly before the incident.
MEV Bots Aren’t Fair?
Although MEV bots are meant to place automated transactions whenever they see an opportunity on a blockchain, some in the crypto community argue that they aren’t fair and they compromise a blockchain’s integrity.
The attack comes six months after Ronin’s creator Sky Mavis revealed plans to slash its DEX’s liquidity provider rewards by half. It also comes seven months after Ronin Wallet introduced new features such as an inbuilt web browser and multichain support.
Although Ronin was lucky to recover the funds, the incident raises questions about the platform’s security, given that it has suffered previous incidents through different attack vectors.