According to CoinDesk, the cross-chain bridge of the public game chain Ronin was suspended on Tuesday (6th) because the platform had $9 million worth of tokens taken away in an apparent white hat hacking attack.
Aleksander Larsen, co-founder of Ronin developer Sky Mavis, said on the social platform:
"While operations of the Ronin bridge have been suspended, we are investigating a report from a white hat hacker of a potential MEV (Maximum Extractable Value) vulnerability and we will provide more information soon. The cross-chain bridge is currently Protecting more than $850 million, these assets are safe."
The @Ronin_Network bridge has been paused while we investigate a report from whitehats about a potential MEV exploit. We will follow up with more information shortly.The bridge currently secures over $850M which is safe https://t.co/lUjIIgb1DD
— Psycheout.ron (@Psycheout86) August 6, 2024
According to the network security company SlowMist, the reason for the vulnerability in the Ronin cross-chain bridge is that the weight was modified to an unexpected value, and the funds can be withdrawn without passing any multi-signature threshold check. Another security firm, Beosin, also released an analysis of the incident.
Due to the weights being modified to unexpected values, funds can be withdrawn without going through any multisig threshold checks. https://t.co/fkYA7yCTIw pic.twitter.com/J0v4ybWYNv
— SlowMist (@SlowMist_Team) August 6, 2024
After news of a vulnerability in Ronin’s cross-chain bridge came out, the price of its native token RON briefly fell by about 5%, and its trading price had rebounded to $1.4 by the time of writing.
Ronin is an Ethereum sidechain network built by Sky Mavis, the developer of the blockchain game Axie Infinity. In March 2022, the Ronin cross-chain bridge suffered a loss of more than $600 million due to a hacker attack, and the North Korea-related Lazarus Group was rumored to be behind it.
Source