Was the Ronin Network Hacked Yet Again? Here’s What We Know

Following a $9.8M exploit, Ronin Network halts its bridge to investigate and try to return the funds to users.

Two villains one with Ronin's face card in a hacking comic scene.
Created by Kornelija Poderskytė from DailyCoin
  • Ronin Network suffers another major hack. 
  • Specific differences indicate potential white hack involvement.  
  • Protocol claims they are hopeful to return the funds. 

The lines between malicious actors and others can sometimes be blurred in the crypto space. This is seen in the case of Ronin Network, a blockchain powering the NFT game Axie Infinity, which recently suffered a major breach. 

Sponsored

Just months after a breach in February, experts once again detected a potential $12 million exploit, forcing the network to shut down its bridge operations. Interestingly, it is still not clear whether the suspected hackers were malicious actors or whether users will get their money back. 

Hackers Target Ronin Network? 

On Tuesday, August 6, the Ronin Network detected an exploit that resulted in the loss of 3,996 ETH, valued at approximately $9.8 million. Blockchain security firm PeckShield first reported the suspicious transaction via social media, prompting Ronin to halt its bridge operations immediately. The network’s co-founder, Aleksander Larsen, confirmed the halting of bridge operations. 

The Ronin Network team reported that the exploit was linked to a recent bridge upgrade, which introduced an issue misinterpreting the required vote threshold for fund withdrawals. This vulnerability allowed the maximum allowable amount to be withdrawn in a single transaction, which the attackers did. They withdrew approximately 4,000 Ether (ETH) and 2 million USDC, valued at about $12 million. 

Still, the team reported that the attackers seem to be “white hat” hackers rather than malicious actors, stating they are negotiating with them to return the funds. White hat hackers typically use hacking to reveal vulnerabilities to help improve network security. Instead, they return the seized funds to the owners, often retaining a reward. In many cases, they receive immunity for their action. 

White Hack or Black Hat Hackers?

The latest hack comes after Ronin suffered a $9.7 million hack in February. Then, attackers routed 3,248 ETH through a crypto mixer, Tornado Cash, used to obscure the origins of the funds. The use of mixers clearly indicated that whoever was behind the hack was a malicious actor. 

So far, in the latest hack, attackers have not moved the funds to separate wallets or tried to interact with exchanges or mixers. Still, without direct insight into their intent, it can be difficult to distinguish between white hat and black hat hackers. Ultimately, before the hackers return the funds, there is no way to say definitively what their intentions were.  

On the Flipside

  • In July, the Rho Protocol exploit highlighted the gray area between white hat and black hat hacking. In that case, a trader used a faulty oracle to exploit $7.6 million from the protocol. However, they later stated they would return the funds, saying they had no malicious intent. 
  • Some crypto enthusiasts believe in the principle of “code is law,” meaning that protocol owners are responsible for all exploits. 

Why This Matters

The latest Ronin network hack highlights the persistent risk of vulnerabilities in the network. Moreover, the involvement of white hat hackers increases the chances of the protocol recovering most of the funds.

Read more about the gray area in exploits in Rho Protocol: 
Was $7.6M Rho Markets Exploit a Hack? Suspected Attacker Denies Wanting to Steal from Users

Read more about Binance Labs latest investments:
Binance Labs Backs New Web3 Startups Despite Market Downturn

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
David Marsanic

David Marsanic is DailyCoin’s journalist, focusing on Solana and crypto exchanges. David currently doesn’t hold any crypto.

Read more