Ronin bridge halted after being hit with a $12 million exploit
MEV bot identified as source of latest crypto bridge attack, echoing recent Rho Markets incident.
Key Takeaways
- Ronin Network bridge paused after $10 million exploit involving MEV bot.
- Bridges remain popular targets for hackers due to large crypto holdings.
Share this article
The Ronin Network bridge was paused after being hit with a 3,996 Ethereum (ETH) and 2 million USD Coin (USDC) exploit today, amounting to nearly $12 million. Aleksander Larsen, COO of Ronin, revealed on X (formerly Twitter) that the over $850 million in funds held in the bridge are safe.
Blockchain explorer Etherscan labels the address as an MEV bot, and the exploit was reported by white hat hackers, added Larsen. MEV is short for “maximal extractable value,” which consists of profiting from rearranging and reordering transactions waiting to be added to the blockchain.
Ronin Network published a statement via its X profile, explaining that a bridge upgrade “introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds.”
“We are working on a solution for the root cause. The bridge update will undergo intensive audits, before being voted on by the bridge operators for deployment,” added Ronin.
Furthermore, they stated that the exploiters are seemingly white-hat hackers and “have responded in good faith”. Nevertheless, the Ronin team assured users that any shortfalls “will be re-deposited into the bridge when it opens up.”
MEV bots were used recently in another exploit. As reported by Crypto Briefing, Scroll-based money market Rho Markets lost 2,203 ETH, amounting to over $7.5 million, in just nine minutes after a group profited from a “price oracle misconfiguration.”
Luckily, the group sent an on-chain message to the Rho Markets’ team stating that they didn’t intend to steal users’ funds and returned the amount extracted after Rho Markets admitted it wasn’t an exploit but a misconfiguration of the platform.
Ronin Bridge was in the spotlight of the largest hack in crypto in March 2022, after hackers managed to secure five out of nine validators and ran away with $624 million.
Moreover, three of the five largest crypto hacks in history are related to bridges. In October 2022, the BNB Bridge was exploited for $586 million, although the hacker managed to escape with just $127 million before the bridge was paused.
In February of the same year, the Wormhole bridge was also hit with an exploit and lost $326 million. The exploiter manipulated a smart contract vulnerability to credit 120,000 ETH to an Ethereum address, which made possible the minting of the equivalent amount in Wormhole ETH (whETH).
Since bridges lock funds from users, these platforms usually hold a large amount of crypto, making them the favorite target of hackers.
Update 08:59 am EST: added Ronin Network’s statement and updated the total drained.
Share this article