According to ChainCatcher, blockchain security audit company Beosin Alert has detected abnormal cross-chain asset extraction in the Ronin Bridge project. According to the Beosin security team, the root cause of this abnormal behavior is that when the project upgraded the contract, it did not properly initialize the operator weight required for cross-chain transaction confirmation, causing the minimumVoteWeight parameter in the contract to be zero, allowing anyone's signature to pass cross-chain verification.
Currently, Ronin bridge has lost 3,996 ETH, and the funds are stored in the address starting with 0xc6a (this address is a MEV bot, so it is speculated that it may be a white hat behavior). Beosin is currently working with the project to handle this incident.
