Author: Grapefruit, ChainCatcher
Editor: Marco, ChainCatcher
As of August 12, the Ronin cross-chain bridge, hacked yet again, has not been reopened to users; its page still shows a maintenance notice.
Just as community users were expecting the Ronin ecosystem to launch another hit like the Web3 farm game Pixels, the Ronin bridge was hacked again, with assets worth about $12 million taken.
Ronin has now suffered three security incidents. If the $624 million drained from the Ronin bridge two years ago (2022) was an accident, and the February theft this year was confirmed to be a "hacker blunder", then the August 6 attack on the bridge looked almost expected.
Back in February, when the wallet of a Ronin co-founder was drained, community users joked, "surely Ronin won't get hit a third time?" Yet less than half a year after that incident, Ronin was attacked again.
When a crypto project suffers security incidents again and again, its security reputation in the community is gone.
$12 million stolen in third attack returned
On the evening of August 6, PeckShieldAlert reported that the Ronin chain was suspected to have been hacked again: about 4,000 ETH and 2 million USDC were transferred out, a loss of nearly $12 million.
In response, Ronin co-founder and COO @Psycheout immediately said that the Ronin bridge had been paused and that the team was investigating an MEV-related vulnerability reported by white hats (security researchers who probe systems the way an attacker would in order to find vulnerabilities). The roughly $850 million held on the bridge was safe.
Ronin officials later posted on social media that earlier that day a white hat had notified them of a potential vulnerability in the bridge. After verifying the report, the team paused the bridge about 40 minutes after the abnormal on-chain activity was spotted.
The attacker moved about 4,000 ETH and 2 million USDC, worth about $12 million. That is also the maximum amount of ETH and USDC that can be withdrawn from the Ronin bridge in a single transaction; the previously configured per-transaction withdrawal limit kept the vulnerability from doing greater damage.
Ronin stated that a bridge contract upgrade deployed that day had introduced a problem in the governance deployment process, causing the bridge to misread the operator vote threshold required to withdraw funds.
Ronin added that the incident looked like the work of a white hat, that negotiations were under way, and that the other side had responded in good faith. Whatever the outcome of those negotiations, all user funds were safe, and any shortfall would be redeposited when the bridge reopened.
According to the Beosin security team's analysis of the incident, the root cause was that the contract upgrade did not properly initialize the operator weight required to confirm a cross-chain transaction, so any signature could pass bridge verification, which the attacker exploited.
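The failure the two preceding paragraphs describe, an upgrade that leaves the vote threshold uninitialised so any signer clears it, and a per-transaction cap that bounds the loss, can be modelled in a few dozen lines. The following is an added example written for this page; it is not Ronin's code, and it is in Python rather than Solidity so it runs stand-alone. The operator names, weights and the 2-of-3 threshold are constructed sample values; the caps of 4,000 ETH and 2,000,000 USDC are the per-transaction maxima the article reports. A real bridge would recover signers from ECDSA signatures; here signers are plain identifiers.

```python
"""Toy model of a weight-based bridge withdrawal check (added example, not Ronin's code)."""
from dataclasses import dataclass, field


@dataclass
class Bridge:
    # operator identifier -> voting weight (constructed sample data)
    operator_weights: dict = field(default_factory=dict)
    # minimum combined operator weight needed to release funds;
    # 0 models a storage slot an upgrade forgot to initialise
    min_vote_weight: int = 0
    # maximum amount releasable in a single withdrawal, per asset
    per_tx_limit: dict = field(default_factory=dict)

    def signed_weight(self, signers):
        # Only registered operators contribute weight; a signature from
        # anyone else contributes 0.
        return sum(self.operator_weights.get(s, 0) for s in set(signers))

    def verify_withdrawal(self, signers, asset, amount):
        """True if the bridge would release `amount` of `asset`."""
        if amount > self.per_tx_limit.get(asset, 0):
            return False  # the cap is what bounded the loss in the incident
        # With min_vote_weight == 0 this is 0 >= 0 for a non-operator signer.
        return self.signed_weight(signers) >= self.min_vote_weight


def upgrade_without_initializer(old):
    """Proxy-style upgrade that keeps operators and caps but never calls the
    initializer that sets the new threshold slot, so it stays at zero."""
    return Bridge(operator_weights=dict(old.operator_weights),
                  min_vote_weight=0,
                  per_tx_limit=dict(old.per_tx_limit))


def upgrade_with_initializer(old, min_vote_weight):
    """Same upgrade, followed by the initializer call the deployment must make."""
    new = upgrade_without_initializer(old)
    new.min_vote_weight = min_vote_weight
    return new


def post_upgrade_invariants_hold(bridge):
    """Checks a deployment script should run before unpausing the bridge:
    threshold is non-zero and no higher than total operator weight, and
    every supported asset has a positive per-transaction cap."""
    total = sum(bridge.operator_weights.values())
    if not 0 < bridge.min_vote_weight <= total:
        return False
    return all(cap > 0 for cap in bridge.per_tx_limit.values())


def demo():
    """Run the broken and the correct upgrade side by side; returns a dict."""
    pre_upgrade = Bridge(
        operator_weights={"op-A": 1, "op-B": 1, "op-C": 1},
        min_vote_weight=2,  # 2 of 3 operators (constructed)
        per_tx_limit={"ETH": 4_000, "USDC": 2_000_000},
    )
    broken = upgrade_without_initializer(pre_upgrade)
    fixed = upgrade_with_initializer(pre_upgrade, min_vote_weight=2)
    outsider = ["0xnot-an-operator"]
    return {
        # an arbitrary signer drains exactly one cap's worth from the broken bridge
        "broken_outsider_4000_eth": broken.verify_withdrawal(outsider, "ETH", 4_000),
        "broken_outsider_2m_usdc": broken.verify_withdrawal(outsider, "USDC", 2_000_000),
        # ... but not one unit more than the per-transaction cap
        "broken_outsider_4001_eth": broken.verify_withdrawal(outsider, "ETH", 4_001),
        "broken_invariants": post_upgrade_invariants_hold(broken),
        # correctly initialised: outsiders fail, a 2-of-3 operator quorum passes
        "fixed_outsider_4000_eth": fixed.verify_withdrawal(outsider, "ETH", 4_000),
        "fixed_quorum_4000_eth": fixed.verify_withdrawal(["op-A", "op-B"], "ETH", 4_000),
        "fixed_single_op_4000_eth": fixed.verify_withdrawal(["op-A"], "ETH", 4_000),
        "fixed_invariants": post_upgrade_invariants_hold(fixed),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The point of `post_upgrade_invariants_hold` is that the bug is cheap to catch before unpausing: a zero threshold and a missing cap are both visible from storage, so a deployment script that asserts these invariants (and a pause that stays in place until they pass) would have stopped the withdrawal before the first transaction.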
In the end, the incident closed with the "hacker" returning the roughly $12 million in assets.
In its latest announcement on August 7, Ronin confirmed that the August 6 attack had indeed been carried out by a white hat, who returned the roughly 4,000 ETH and 2 million USDC that had been moved, and said a $500,000 bounty would be paid to the white hat.
Meanwhile, the Ronin bridge will be audited before reopening, and a new scheme will be rolled out with Ronin validators to change how the bridge currently operates.
As of August 12, the bridge has not yet reopened to users; the value of crypto assets locked on the network is $750 million, and RON is trading at $1.44.
Although the attack was carried out by white hats and the funds were eventually returned, seemingly resolving the crisis cleanly, community users are not convinced.
Community user @Futuresight questioned the account: according to Ronin's official statement it was white hats who were testing, but white hats usually tell the project about a vulnerability in advance and do not directly take its assets.
Crypto KOL @陈剑Jason posted on social media that right after the negative news of Ronin being "hacked" came out, the price of the RON token actually moved sharply upward, wiping out everyone who had opened high-leverage short positions.
This has community users wondering whether the project team is stealing from its own project and manipulating the token price.
Celi, who once staked on the Ronin network, told ChainCatcher that even if this was done by white hats, the episode has done huge reputational damage to Ronin, and users' trust in its security has weakened again.
She explained that smart contract upgrades, and bridge upgrades in particular, need to be thoroughly checked before going live. Project teams cannot take chances and gamble with that much money. Fortunately Ronin's losses were contained this time; otherwise the damage would have been far greater.
Ronin has lost its security reputation after three consecutive hacker attacks
In crypto, hacks are frequent, and a loss of tens of millions of dollars is not surprising. According to the latest data from security auditor Beosin, Web3 losses to hacks reached $286 million in July; the cross-chain swap aggregator LI.FI, for example, lost about $11.6 million to a contract vulnerability.
The community seemed to have anticipated the attack on Ronin. When Ronin was reported attacked in February, users joked, "Will there be a third?" So this time the reaction was more resignation than shock, with users remarking that Ronin is the first project in crypto to be hit three times in a row.
In March 2022 the Ronin network became the centre of the largest hack in crypto. Attackers gained control of five of the nine Ronin validators and took ETH and USDC worth $624 million, the largest DeFi hack in crypto history and the most serious security incident in blockchain gaming. Worse, Ronin only noticed the theft six days after the funds were taken, and only after being alerted by the community.
After that crisis the Ronin network slumped for a long time, with RON stuck below $1. It was not until February this year, when the Web3 farm game Pixels launched its PIXEL token on Binance and airdropped tokens to Ronin stakers, among other positive developments, that the network regained the community's attention.
But just as the popular ecosystem project Pixels had begun to lift the cloud left by the Ronin theft, the network was reported hacked again.
In February the Web3 security team Ancilia Inc. said on social media that it had observed roughly $10 million worth of RON withdrawn from the Ronin bridge and deposited into Tornado Cash within a short period.
Ronin co-founder Psycheout soon responded that there was nothing wrong with Ronin or the bridge; a whale wallet had been compromised and the funds mixed through Tornado Cash. The whale turned out to be Jihoz, co-founder of Axie Infinity and Ronin Network.
Although Jihoz said in a post that only his personal address had been compromised, that it had nothing to do with the validation or operation of the Ronin chain, and that it was a "hacker blunder", it still left the impression of Ronin having been hacked twice. Now, on top of that, it has been hacked again because of a vulnerability introduced by a bridge upgrade. Although the crisis was eventually resolved, users' trust in Ronin is gone; whenever Ronin comes up, the first association is that it is easy to rob.
So when Ronin was hacked for the third time on August 6, users were more inclined to lament: they already had PTSD from being hacked, and now it has happened again? Hacked before, hacked now, hacked again next time?
Some community users even asked outright: a cross-chain bridge gets attacked every other day. Is the security technology poor, or is the team's technology poor?
Crypto user Lisa takes a different view. She believes the Ronin bridge was robbed because it locks or custodies a large amount of user assets and is therefore a favourite target for hackers. She explained that three of the five largest crypto hacks in history involved cross-chain bridges: besides the Ronin bridge theft, the BNB bridge was used to steal about $586 million in 2022, and the Wormhole bridge suffered an exploit in February of the same year, losing $326 million.
As of August 12, the number of Ronin validator nodes has increased from 9 to 21, and per-transaction transfer limits have been placed on the bridge. The amount of RON staked on the network now stands at 2.08.
The gaming ecosystem on the Ronin chain is still promising
According to Token Terminal, Ronin's daily active users have recently ranked first among all public chains, ahead of Tron and Solana, at over 2 million. On August 1, daily active wallets on the Ronin chain reached 2.3 million and daily transactions 3.5 million, both record highs.
@Bailey.ron, formerly of DeFiance Capital and now in charge of the Ronin ecosystem, said that Ronin is one of the few crypto projects committed to, and achieving, real consumer adoption.
Beyond the strong on-chain user numbers, several well-known games have launched in the Ronin ecosystem.
In addition to the established Axie Infinity and Pixels, there are the farm survival game Lumiterra, the hero shooter The Machines Arena, the mecha shooter Kaidro, the strategy game Wild Forest, the role-playing game Runiverse, and the card-duel blockchain game Apeiron, among others.
More and more games are choosing to migrate to Ronin. Runiverse, for example, announced its move to the Ronin network in July; Kaidro was originally built on Immutable, and Pixels migrated from Polygon.