Ronin Network, an Ethereum Virtual Machine blockchain for play-to-earn games, just witnessed its second hack in roughly two years. The exploiters have siphoned more than $11 million from the protocol.
A tweet by the blockchain security firm PeckShield revealed that a Maximal Extractable Value (MEV) bot just withdrew Ether (ETH) and USD Coin (USDC) worth $11.33 million from the network’s Ronin Bridge. The tweet speculated whether the transactions were executed by exploiters or whitehat hackers.
Ronin Bridge Loses $11.33M in Exploit
The first transaction saw 4,000 ETH worth $9.33 million leaving the Ronin Bridge to the MEV bot address. In the second one, the MEV bot withdrew approximately $2 million worth of USDC and swapped it for 796 Wrapped Ether (WETH) on the decentralized exchange Uniswap V3.
Shortly after PeckShield’s alert, Aleksander Leonard Larsen, the co-founder and chief operating officer of Sky Mavis, the developer behind the Ronin network, disclosed that the protocol’s team had paused its operations to investigate a report from whitehat hackers about a potential MEV exploit.
According to Larsen, the Ronin Bridge currently holds more than $850 million in cryptocurrencies, and all assets are safe. He said more information on the attack will be made available after the team completes an in-depth analysis.
Another Ronin Attack
The latest attack against Ronin has stirred concerns in the crypto community about a repetition of an incident that shook the network two years ago. In March 2022, Ronin Network fell victim to the largest crypto hack ever, losing roughly $620 million in ETH and USDC due to the network’s validator nodes being compromised.
Although Sky Mavis offered a $1 million bug bounty in exchange for the funds, the attackers, eventually revealed to be the notorious North Korean hacking entity – Lazarus Group – spread the stolen stash across centralized exchanges, the Bitcoin network, and the crypto mixer Tornado Cash.
The Ronin network suffered a major hit after the incident and struggled to reimburse affected users. Three months after the attack, the project eventually restarted the bridge, implementing a hard fork that required network validators to update their software.
Meanwhile, crypto losses from exploits have not just been peculiar to the Ronin network; one of its co-founders has also lost millions to exploiters. Earlier this year, Jeff Zirlin lost $10 million in ETH due to a security breach in his wallets.