
Recent Ronin Hack Caused by an Error Allowing Anyone to Withdraw Funds Without Signature

  • Ronin suffered from a $10 million attack on August 6 as an MEV bot withdrew the funds.
  • The individual managing the bot returned those assets to the protocol.

Blockchain cybersecurity firm Verichains revealed details about the August 6 attack on the Ronin chain, which caused a loss of about $10 million. Although the attack was carried out by an MEV (maximum extractable value) bot overseen by a white hat hacker who returned the funds, the incident was highly concerning.

The Verichains report described how an update to the Ronin bridge’s contracts introduced a vulnerability that let the bot withdraw the assets. This bridge connects Ethereum to the Ronin blockchain, a gaming-related network home to popular titles like Axie Infinity. The contract update ignored a critical function, allowing anyone to withdraw funds from the bridge without validation.

Every transaction is validated by network participants and processed through a consensus check that relies on the minimumVoteWeight variable. This variable, in turn, takes the totalWeight variable as its input. However, during the update, totalWeight’s value was set to zero instead of the value it had in the previous contract. Consequently, the updated contract allowed users to withdraw funds without a signature.

In an X post on August 7, Damian Rusniek, an auditor at Composable Security, wrote, “The signer is 0x27120393D5e50bf6f661Fd269CDDF3fb9e7B849f but this address is not on the bridge operators list. This means that only ONE signature was required and it could be ANY valid signature.” They concluded with the same finding as Verichains: “The root cause was that the minimum votes of the operators was 0. Anyone has 0!”
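
The failure mode described above, modelled as an added example (this is not Ronin's contract code and does not come from the Verichains report). The class, the 70% threshold ratio, and the operator names and weights are assumptions chosen for illustration; the point is how a zero totalWeight collapses the threshold, and how a fail-closed check prevents it.

```python
# Added illustration: simplified model of a weighted-vote withdrawal check.
# Class name, 70% ratio and operator weights are assumptions, not Ronin's code.
from dataclasses import dataclass, field


@dataclass
class Bridge:
    operators: dict = field(default_factory=dict)  # address -> vote weight
    total_weight: int = 0   # must be set by the upgrade initializer
    num: int = 70           # threshold ratio num/denom (assumed value)
    denom: int = 100

    def minimum_vote_weight(self) -> int:
        # Derived from total_weight: if that is 0, the threshold is 0 too.
        return (self.total_weight * self.num + self.denom - 1) // self.denom

    def can_withdraw_vulnerable(self, signers) -> bool:
        # A non-operator contributes weight 0, and 0 >= 0 passes.
        weight = sum(self.operators.get(s, 0) for s in set(signers))
        return weight >= self.minimum_vote_weight()

    def can_withdraw_hardened(self, signers) -> bool:
        threshold = self.minimum_vote_weight()
        # Fail closed on an uninitialized or degenerate threshold.
        if self.total_weight <= 0 or threshold <= 0:
            return False
        # Every signer must be on the operator list.
        if any(s not in self.operators for s in signers):
            return False
        weight = sum(self.operators[s] for s in set(signers))
        return weight >= threshold


OPERATORS = {"op1": 100, "op2": 100, "op3": 100}  # constructed sample data
OUTSIDER = "not-an-operator"                      # constructed sample signer


def upgraded_without_init() -> Bridge:
    # Models the upgrade that left total_weight at its zero default.
    return Bridge(operators=dict(OPERATORS))


def upgraded_with_init() -> Bridge:
    # Models an upgrade whose initializer carried the weight over.
    return Bridge(operators=dict(OPERATORS),
                  total_weight=sum(OPERATORS.values()))
```

A post-upgrade check that asserts the threshold is non-zero would flag this state before the bridge processes any withdrawal.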

Ronin Offered $500,000 of the Exploited Funds to the White Hat Hacker

Through simulations, the MEV bot discovered this and submitted the transaction, leading to the $10 million exploit. Because the white hat hacker returned the funds, Ronin developers learned of the issue before bad actors could take advantage of it. The network allowed the individual to keep $500,000 of the exploited value as a bug bounty reward.

 

