Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted.

The actors withdrew ~4K ETH and 2M USDC, valued at ~$12M, which is the maximum amount of ETH and USDC that can be withdrawn from the bridge for one single transaction withdrawal. The bridge limit serves as a critical safeguard to increase the security of large fund withdrawals, and it effectively prevented further damage in this exploit. More on bridge limits https://t.co/atTHhJuax0.

Today’s bridge upgrade, after being deployed through the governance process, introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds.

We are working on a solution for the root cause. The bridge update will undergo intensive audits, before being voted on by the bridge operators for deployment.

We are currently negotiating with the actors, who appear to be acting as white-hats and have responded in good faith. Regardless of the result of the negotiations, all user funds are safe and any shortfalls will be re-deposited into the bridge when it opens up.

A post-mortem will be shared next week where we will through the technical details and our planned measures to prevent similar occurrences in the future.

Appreciate all your support and patience.

The Ronin Network team.