Hackers return $12 million taken during Ronin network breach


Hackers returned $12 million to the Ronin gaming blockchain, which they had stolen by exploiting an undocumented vulnerability, the company announced in a statement earlier this week.

The hackers, “who appear to be acting as white-hats and have responded in good faith,” discovered an exploit in the bridge, a crucial component of the Ronin Network. The Ronin blockchain is designed specifically for Axie Infinity, one of the most popular play-to-earn blockchain-based games.

But Ronin is perhaps best known for being the target of a security breach in 2022 that resulted in the theft of approximately $625 million worth of cryptocurrency. U.S. prosecutors subsequently attributed the attack to Lazarus Group, a North Korean state-backed cybercrime operation. Law enforcement was able to seize more than $30 million worth of cryptocurrency stolen by hackers.

In the incident announced this week, the company paused the bridge for approximately 40 minutes after verifying the hackers’ report. During the attack, the threat actor withdrew 4,000 ETH and 2 million USDC, totaling $12 million — the maximum amount that can be withdrawn from the bridge in a single transaction.

“We thank the white hats for their vigilance and integrity,” the company said, adding that it will pay them a $500,000 bounty for the discovery.

The company previously stated that if the hackers refused to negotiate, all user funds would remain safe, and “any shortfalls will be re-deposited into the bridge when it reopens.” It is unclear whether the hackers initially intended to keep the stolen funds before the negotiations, or what the real motive of their attack was.

According to Ronin, the cause of the exploit was a recent upgrade to the bridge, which “introduced an issue leading the bridge to misinterpret the required bridge operators’ vote threshold to withdraw funds.”

The platform said it aims to change the current structure of the bridge to make it more secure. “We will be working with the Ronin validators to onboard a new solution and will provide updates on this as the work progresses,” the company added.

The bridge will remain paused while the investigation into the exploit is ongoing.

In addition to the 2022 hack, the company was also in the news in February after cybercriminals stole nearly $10 million from the personal accounts of an Axie Infinity co-founder. Analysts traced the stolen funds to activity on Tornado Cash, a mixer designed to obscure the source of cryptocurrency. Lazarus used the mixer to launder funds from the 2022 hack.


Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.
