Ronin Bridge Hack: What Went Wrong and How $10 Million Was Stolen
- A $10 million exploit on the Ronin Bridge occurred on August 6 due to a faulty upgrade script.
- The upgrade mistakenly set the validator voting threshold to zero, allowing unauthorized withdrawals.
- Most of the stolen funds were recovered, but the breach underscores the need for robust security measures.
Understanding the Ronin Bridge Hack: Causes, Impact, and Lessons Learn
On August 16, Verichains, a blockchain security firm, reported a significant update on the Ronin Bridge hack case. The firm revealed that a $10 Million exploit on the Ronin bridge on August 6 was due to a faulty upgrade deployment script.
The upgrade mistakenly set the validator voting threshold to zero, enabling users to withdraw funds without the required signatures. The error occurred because developers failed to initialize a critical variable during the upgrade. Consequently, a malicious actor exploited this vulnerability, front-run by an MEV bot, to steal over $10 Million in cryptocurrency including Ethereum (ETH) and USD Coin (USDC).
At press time, ETH price was trading at $2,600.75, after an intraday spike of 0.22% with $312,859,132,182 in the market cap and $12,209,926,439 in 24-hour volume. USDC, alternatively, hovering at $1.00 with $34,838,535,046 in market cap and $5,141,560,579 in 24-hour volume.
Although most of the funds were returned, the incident highlights the risks associated with upgradeable smart contracts. The Ronin Network, known for hosting Axie Infinity, confirmed that the exploit stemmed from a misinterpretation of the required validator vote threshold following the upgrade.
Ronin Bridge Hack Overview
On 6th August, the Ronin Network was hacked, and the attackers made away with about $9. 8 Million in ETH and $2 Million in USDC. This incident showcases the platform’s troubled history, which includes a massive $600 Million hack in March 2022.
On-chain analytics firm PeckShield Alert exposed two doubtful transactions on the Ronin bridge. The first transaction involved the transfer of 3,996 ETH, valued at around $9.86 Million, while the second saw nearly $2 Million worth of USDC tokens moved.
In response, the Ronin Network team quickly paused the bridge to prevent further losses. Alexander Larsen, COO and co-founder of Axie Infinity and Ronin Network, addressed the breach, emphasizing the ongoing situation.
Conclusion
The August 6 Ronin Bridge hack, caused by a faulty upgrade script that set the validator voting threshold to zero, led to a $10 million theft of ETH and USDC. Despite the quick response and recovery of most funds, the incident underscores the vulnerabilities in upgradeable smart contracts.
Get Free Crypto with Reality Rush
Build your dream city on Telegram and earn real-world rewards, including $USDT vouchers and NFTs! Join over 7 million players, unlock famous landmarks, and boost your city with exclusive bonuses. Play for free, invite friends, and watch your rewards grow! Start building today.
Also Read: Today’s X Empire Rebus of the Day For 17 August 2024
