Ronin released a message saying that earlier today, white hat hackers informed them of a possible vulnerability in the Ronin bridge. After confirming the report, the team suspended the operation of the bridge about 40 minutes after the first on-chain operation was discovered.

The attacker withdrew about 4,000 ETH and 2 million USDC, worth about $12 million, which is the maximum amount that can be withdrawn from the bridge in a single transaction. The bridge's limit mechanism effectively prevented greater losses.

The problem was caused by a bug introduced during the bridge upgrade process, which caused the cross-chain bridge to misunderstand the voting threshold required to withdraw funds. The team is currently working to resolve this issue, and the bridge update will be strictly audited and voted on by the operators to decide whether to deploy it.

Ronin is negotiating with these seemingly well-intentioned hackers, who have expressed good intentions. Regardless of the outcome of the negotiations, users' funds are safe, and any shortfall will be made up when the bridge reopens. The team will share a detailed analysis of the incident, including technical details and preventive measures, next week.