Ronin Network Halts Operations After Whitehat Suspected $11.3M Exploit

The Ronin Network, known for its role in play-to-earn games, has been exploited again. This time, over $11.33 million was siphoned off, marking the second significant hack in two years.

PeckShield Uncovers the Exploit

The breach was first reported by blockchain security firm PeckShield. They revealed that a Maximal Extractable Value (MEV) bot withdrew Ether (ETH) and USD Coin (USDC) worth $11.33 million from the Ronin Bridge. 

The nature of these transactions remains uncertain, with speculation about whether they were executed by malicious actors or ethical/whitehat hackers aiming to expose vulnerabilities.

White hat hackers often exploit vulnerabilities to demonstrate security flaws, subsequently returning the stolen funds. In this case, Ronin's exploit could lead to funds being returned soon, reducing its impact.

Ronin Network's Response

Following the alert, Ronin Network paused its operations.

"Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge," the network posted on X. 

They confirmed the bridge was paused 40 minutes after the first on-chain action was detected. The pause was necessary to prevent further exploitation while the team investigated the breach.

MEV Bot Involvement

The exploit appears to have been facilitated by an MEV bot, specifically “0x4ab,” which accidentally exploited a loophole in the Ronin Bridge protocol. MEV bots are software tools used by validators to analyze and execute arbitrage opportunities across decentralized finance platforms. 

Blockchain data reveals that the MEV bot “0x4ab” executed the transaction, withdrawing a substantial amount of funds. A portion of the funds, about 3.9 Ether, was sent to a wallet known as “beaverbuild.” 

Aleksander Leonard Larsen, co-founder and COO of Sky Mavis, the developer behind the Ronin Network, assured users that the protocol’s team had paused operations to investigate the breach. He emphasized that the Ronin Bridge holds more than $850 million in cryptocurrencies, and all assets are currently safe. Larsen promised more information once the team completes a thorough analysis.

Historical Context

This isn't the first time Ronin has been compromised. In March 2022, the network suffered a massive loss of over $615 million in USDC and Ether. 

The exploit at that time involved hacked private keys used to forge fake withdrawals from the Ronin Bridge. The attacker exploited a backdoor through the gas-free RPC node, bypassing the network's security measures.