Ronin: The attacker extracted $12 million in cryptocurrency assets and is negotiating with white hat hackers

ChainCatcher news, Ronin posted on social media that earlier today, white hats notified Ronin that there might be a vulnerability in the Ronin bridge. After verifying the report, the bridge was paused about 40 minutes after the first on-chain operation was detected. The attacker extracted approximately 4000 ETH and 2 million USDC, worth about 12 million dollars, which is the maximum amount of ETH and USDC that can be withdrawn in a single transaction from the bridge. The bridging limit is an important safeguard to enhance the security of large fund withdrawals and effectively prevent further damage caused by this vulnerability.

Ronin stated that due to an issue introduced during the bridge upgrade after the governance process was deployed, the cross-chain bridge misunderstood the voting threshold required by the bridging operators to withdraw funds. Efforts are currently underway to find a solution to the root cause, and the bridge update will undergo strict review before being decided upon by a vote from the bridging operators. Negotiations are ongoing with these seemingly white hat actors, who have responded in good faith. Regardless of the outcome of the negotiations, all user funds are safe, and any shortfall will be re-deposited when the bridge reopens. A post-incident analysis will be shared next week, detailing the technical aspects and planned measures to prevent similar incidents in the future.