Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
Ethical Hacker Returns $10 Million in ETH Following Unintentional Front-Run of Ronin Network Breach
Ronin Network, a prominent entity in the gaming blockchain industry and the foundation of the play-to-earn game Axie Infinity, faced a significant security incident. An exploit resulted in the network losing roughly $9.8 million in Ether (ETH).
Initial responses characterized this occurrence as yet another malicious attack. However, recent updates suggest that a white hat hacker may have been responsible, and the perpetrator has consented to return the funds in full. At the time of this report, the white hat hacker has returned 3,991 ETH.
Was the Ronin Exploit Merely an Accidental White Hat Operation?
These ethical hackers generally exploit weaknesses to reveal security vulnerabilities, rectify the problems, and subsequently return the misappropriated assets.
The update from PeckShield on August 6 indicated that a white-hat hacker could have executed the exploit.
Importantly, the exploit involves a maximal extractable value (MEV) bot. MEV bots are instruments that validators utilize to identify arbitrage opportunities across decentralized finance (DeFi) platforms.
#PeckShieldAlert @Ronin_Network #whitehacked? or Hacked? (w/ ~ $9.33M) pic.twitter.com/wfaY0zhVdI
— PeckShieldAlert (@PeckShieldAlert) August 6, 2024
These bots can autonomously implement strategies to take advantage of discrepancies in market prices. In this instance, the transaction was carried out by an MEV bot recognized as “0x4ab,” which later transferred 3.9 Ether tokens of the funds to a wallet referred to as “0x952” or “beaver build.”
Ronin Network subsequently confirmed that around 4,000 ETH and 2 million USDC were withdrawn—the highest amounts that could be extracted in a single transaction.
The Axie Infinity contract deployer expressed gratitude to the hacker for protecting user funds.
“Hey, thanks a lot for white-hat saving user funds today,” they stated. “Can we chat over Blockscan chat?”
The outcome of the conversation ultimately resulted in the return of all funds. All the Ether has been sent, and the USDC is anticipated to be fully returned later today.
Related Posts
Update:
The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty.
The bridge will undergo an audit before it is…
— Ronin (@Ronin_Network) August 6, 2024
It was speculated that the bot may have inadvertently front-run the attack. When the ETH was returned, it was valued at over $10 million.
From Breach to Resolution: The Return of the Funds
Data from block explorer Etherscan indicates that the MEV bot that siphoned the funds has returned nearly all of them.
3,991 ETH was sent back to the Ronin team at 3:04 pm UTC, while the remaining 5 ETH were not returned.
As a gesture of goodwill to the MEV bot owner, the Ronin team announced that the bot’s owner would receive a $500,000 reward for identifying the exploit.
The Ronin team further clarified that a recent bridge upgrade, implemented through its governance process, introduced a problem that caused the bridge to misinterpret the necessary vote threshold for fund withdrawals.
They are currently working on a resolution to this issue, with plans for a new bridge upgrade to undergo thorough audits prior to deployment.
Ronin’s history with security breaches provides context for this recent event. Just last year, the Ronin Bridge was compromised for over $600 million in what remains one of the largest crypto thefts.
The wider implications of this incident affect the entire cryptocurrency industry, which has witnessed a concerning rise in hacks in 2024.
The first quarter alone reported $542.7 million stolen—a 42% increase from the same timeframe in 2023. July was particularly severe, with over $266 million in crypto hacks across 16 incidents, including the $234 million theft from WazirX.
The post White Hat Hacker Returns $10M in ETH After Accidental Front-Run of Ronin Network Exploit appeared first on Cryptonews.
