Hackers return $12 million taken during Ronin network breach
Hackers returned $12 million that they had stolen from the Ronin gaming blockchain by exploiting an undocumented vulnerability, the company announced in a statement earlier this week.
The hackers, “who appear to be acting as white-hats and have responded in good faith,” discovered an exploit in the bridge, a crucial component of the Ronin Network. The Ronin blockchain is designed specifically for Axie Infinity, one of the most popular play-to-earn blockchain-based games.
But Ronin is perhaps best known for being the target of a security breach in 2022 that resulted in the theft of approximately $625 million worth of cryptocurrency. U.S. prosecutors subsequently attributed the attack to Lazarus Group, a North Korean state-backed cybercrime operation. Law enforcement was able to seize more than $30 million worth of cryptocurrency stolen by hackers.
In the incident announced this week, the company paused the bridge for approximately 40 minutes after verifying the hackers’ report. During the attack, the threat actor withdrew 4,000 ETH and 2 million USDC, totaling $12 million — the maximum amount that can be withdrawn from the bridge in a single transaction.
“We thank the white hats for their vigilance and integrity,” the company said, adding that it will pay them a $500,000 bounty for the discovery.
The company previously stated that if the hackers refused to negotiate, all user funds would remain safe, and “any shortfalls will be re-deposited into the bridge when it reopens.” It is unclear whether the hackers initially intended to keep the stolen funds before the negotiations, or what the real motive of their attack was.
According to Ronin, the cause of the exploit was a recent upgrade to the bridge, which “introduced an issue leading the bridge to misinterpret the required bridge operators' vote threshold to withdraw funds.”
The platform said it aims to change the current structure of the bridge to make it more secure. “We will be working with the Ronin validators to onboard a new solution and will provide updates on this as the work progresses,” the company added.
The bridge will remain paused while the investigation into the exploit is ongoing.
In addition to the 2022 hack, the company was also in the news in February after cybercriminals stole nearly $10 million from the personal accounts of an Axie Infinity co-founder. Analysts traced the stolen funds to activity on Tornado Cash, a mixer designed to obscure the source of cryptocurrency. Lazarus used the mixer to launder funds from the 2022 hack.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.