PANews reported on August 6 that, according to Beosin Alert, the alert service of blockchain security audit company Beosin, cross-chain assets have been abnormally withdrawn from the Ronin Bridge project. According to the Beosin security team's analysis, the root cause is that when the project upgraded its contract, the operator weight required to confirm cross-chain transactions was not initialized properly. This left the minimumVoteWeight parameter in the contract at zero, so anyone's signature can pass the cross-chain verification. So far, Ronin Bridge has lost 3,996 ETH, and the funds are held at 0xc6aec68dd6272efcbc74fb5308fe7f070437465e (this address belongs to an MEV bot, so it is speculated that this may be white-hat behavior). Beosin is currently working with the project to handle the incident.
Attack transaction link: https://etherscan.io/tx/0x2619570088683e6cc3a38d93c3d98899e5783864e15525d5f5810c11189ba6cb
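
The root cause described above (a vote-weight threshold left at zero after an upgrade) is modelled below in Python as an added illustration; it is not the Ronin Bridge contract code. All function names, the operator names and the 70% ratio are constructed assumptions, and signature recovery is assumed to have already produced the list of signers.

```python
from dataclasses import dataclass, field

@dataclass
class BridgeState:
    """Simplified model of a weighted-operator bridge's storage (constructed)."""
    operator_weight: dict = field(default_factory=dict)  # signer -> voting weight
    minimum_vote_weight: int = 0  # storage default if the initializer never runs

def initialize(state, weights, numerator, denominator):
    """Hypothetical upgrade initializer: sets operator weights and the quorum."""
    state.operator_weight = dict(weights)
    total = sum(weights.values())
    # Ceiling division: ceil(total * numerator / denominator)
    state.minimum_vote_weight = -(-total * numerator // denominator)

def signed_weight(state, signers):
    # Count each signer once; signers that are not operators contribute 0.
    return sum(state.operator_weight.get(s, 0) for s in set(signers))

def verify_naive(state, signers):
    """Threshold comparison only: with a zero threshold, 0 >= 0 passes."""
    return signed_weight(state, signers) >= state.minimum_vote_weight

def verify_hardened(state, signers):
    """Fail closed: an unset threshold or zero signed weight never authorizes."""
    if state.minimum_vote_weight <= 0:
        raise RuntimeError("quorum threshold not initialized")
    weight = signed_weight(state, signers)
    return weight > 0 and weight >= state.minimum_vote_weight

def post_upgrade_invariants(state):
    """Deployment gate: run against the upgraded state before enabling withdrawals."""
    problems = []
    if not state.operator_weight:
        problems.append("no operators configured")
    if state.minimum_vote_weight <= 0:
        problems.append("minimum_vote_weight is zero")
    elif state.minimum_vote_weight > sum(state.operator_weight.values()):
        problems.append("threshold exceeds total operator weight")
    return problems
```

Running `post_upgrade_invariants` as part of the upgrade procedure, for example in a fork test, surfaces the skipped initializer before the contract accepts withdrawals.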