Why do hackers love Ronin? Hidden dangers behind three attacks

Original author: Grapefruit, ChainCatcher

Original editor: Marco, ChainCatcher

As of August 12, the Ronin cross-chain bridge, which was hacked again, has not been reopened to users, and the page is still under maintenance.

Just when community users were expecting the Ronin ecosystem to launch another hit product like the Web3 farm game Pixels, the Ronin cross-chain bridge was hacked again, and the stolen assets were worth about 12 million US dollars.

So far, Ronin has experienced three security attacks. If the $624 million stolen from the Ronin cross-chain bridge by hackers two years ago (2022) was an accident, and the theft of Ronin in February this year was confirmed to be a hackers mistake, then the hacking of the Ronin cross-chain bridge on August 6 seemed to be expected.

As early as February, when the assets of Ronin Lianchuang Wallet were stolen, community users joked that Ronin would not be attacked for the third time. However, less than half a year after the last security incident, Ronin was attacked by hackers again.

If a crypto project has security incidents again and again, the security reputation of the crypto project has been lost for community users.

$12 million stolen in third attack returned

On the evening of August 6, according to PeckShieldAlert monitoring, the Ronin chain was suspected to be hacked again, about 4,000 ETH and 2 million USDC were transferred, with a loss of nearly 12 million US dollars.

In response to this sudden security incident, Ronin co-founder and COO @Psycheout immediately responded that the Ronin bridge has been suspended and is investigating the MEV vulnerability discovered by white hat hackers (programmers who attack systems from the perspective of hackers to detect security vulnerabilities). Currently, the $850 million in funds hosted on the bridge are safe.

Subsequently, Ronin officials also posted on social media that earlier that day, the white hat had notified the Ronin bridge of a potential vulnerability. After verifying the report, the Ronin bridge was suspended about 40 minutes after the abnormal operation on the chain was discovered.

The attacker transferred about 4,000 ETH and 2 million USDC, worth about $12 million, which is also the maximum amount of ETH and USDC that can be withdrawn from the Ronin bridge in a single transaction. The previously set limit on the withdrawal amount of the bridge effectively prevented the vulnerability from causing greater damage.

In response to this hacker security attack, Ronin stated that after the cross-chain bridge contract was upgraded today, a problem was introduced in the deployment of the governance process, causing the cross-chain bridge to misunderstand the operator voting threshold required to withdraw funds.

Ronin said that this attack was more like that of a white hat hacker, and that negotiations had been held with them, who had responded in good faith. Regardless of the outcome of the negotiations, all user funds are safe, and any shortfall in funds will be redeposited when the bridge is opened.

According to the analysis of this security incident by the Beosin security team, the root cause of Ronins abnormal behavior this time is that when the project party upgraded the contract, it did not properly initialize the operator weight required for cross-chain transaction confirmation, so that anyones signature could pass the cross-chain verification, which was taken advantage of by hackers.

In the end, the Ronin security incident ended with hackers returning stolen assets worth $12 million.

In the latest announcement released on August 7, Ronin stated that the hacker attack on Ronin on August 6 was indeed committed by a white hat hacker. The white hat hacker eventually returned about 4,000 ETH and 2 million USDC that were transferred away, and stated that a bounty of $500,000 would be awarded to the white hat hacker.

In the meantime, the Ronin bridge will be audited before reopening, and a new solution will be launched with Ronin validators to change the way the cross-chain bridge currently operates.

As of August 12, the Ronin cross-chain bridge has not yet been reopened to users, the value of crypto assets locked on the network is $750 million, and the RON price is currently reported at $1.44.

Although the Ronin attack was carried out by white hat hackers and the stolen funds were eventually returned, seemingly resolving the security crisis perfectly, community users are not convinced.

Community user @Futuresight questioned that according to Ronin’s official statement, it was white hat hackers who were testing, but white hat hackers usually tell the project party about the vulnerability information in advance, and will not directly steal their assets.

Crypto KOL @陈剑 Jason posted on social media that just after the negative news of Ronin being hacked was released, the price of the RON token actually shot up and took away all those who opened high-multiple short orders.

This makes community users wonder whether the project owner is stealing from the project and manipulating the currency price.

Celi, who once participated in the Ronin network staking, told ChainCatcher that even if this was done by white hat hackers, such behavior has caused huge reputation damage to Ronin, and users trust in its security has weakened again.

She explained that smart contract upgrades, especially cross-chain bridge upgrades, need to be thoroughly checked before going online. Project owners cannot take any chances and take risks with so much money. Fortunately, Ronin’s losses were controlled this time, otherwise the project’s losses would be even greater.

Ronin has lost its security reputation after three consecutive hacker attacks

In the field of encryption, hacker attacks occur frequently, and it is not surprising even if the loss is tens of millions of dollars. According to the latest data released by security audit company Beosin, the total loss of Web3 ecosystem due to hacker attacks in July reached 286 million US dollars. For example, the cross-chain transaction aggregator LI.FI lost about 11.6 million US dollars due to contract loopholes.

The crypto community seemed to have expected the hacker attack on Ronin. When Ronin was reported to have been attacked in February this year, community users joked, Will there be a third attack? Therefore, users were more lamenting about this security incident, saying that Ronin was the first to be attacked three times in a row in the crypto field.

In March 2022, the Ronin network became the focus of the largest hacker attack in the crypto space. Hackers successfully controlled five of the nine validators on the Ronin network and took away $624 million worth of ETH and USDC. This became the largest DeFi hacker attack in crypto history and the most serious security incident in the blockchain gaming space. What’s even more outrageous is that Ronin officials only noticed the vulnerability six days after the funds were stolen and after being alerted by the community.

After this crisis, the Ronin network was in a long-term downturn, and the token RON remained below $1. It was not until February this year that the Web3 farm game Pixel token PIXEL was launched on Binance, and tokens were airdropped to Ronin network staking users, among other benefits, that the Ronin network regained the attention of the crypto community.

However, just when the popular ecological project Pixel had just cleared the haze of Ronin theft, it was reported that the Ronin network was hacked again.

In February, the Web3 security team Ancilia.nc stated on social media that it had monitored approximately $10 million worth of RON being withdrawn from the Ronin Bridge and deposited into Tornado in a short period of time.

Soon, Ronin co-founder Psycheout responded that there was no problem with Ronin or the cross-chain bridge. It was just that a whale wallet was stolen and mixed with Tornado Cash. The stolen whale turned out to be Jihoz, the co-founder of Axie Infinity and Ronin Network.

Although Jihoz said in a post that only his personal address was attacked, and it had nothing to do with the verification or operation of the Ronin chain, and it was a hacker blunder, it still left a mark of Ronin being hacked for the second time in the minds of community users. In addition, this time it was hacked again because of a vulnerability in the cross-chain bridge upgrade. Although the crisis was eventually resolved, users trust in Ronin has been completely lost. Every time Ronin is mentioned, the first keyword that comes to mind is that it is easy to be stolen.

So when Ronin was hacked for the third time on August 6, users were more likely to lament that they were already suffering from PTSD from theft, and now they were hacked again? They were hacked in the past, and now they are hacked again. Will there be another theft?

Some community users even raised questions: a cross-chain bridge is attacked every other day. Is it because of poor security technology or poor team technology?

But crypto user Lisa holds a different view. She believes that the Ronin bridge was stolen because the bridge locked or hosted a large number of users assets and was a favorite target for hackers. She explained that three of the five largest cryptocurrency hacks in history were related to cross-chain bridges. In addition to the Ronin bridge theft, the BNB bridge was exploited in 2022 to steal about $586 million. In February of the same year, the Wormhole bridge also suffered a vulnerability attack, resulting in a loss of $326 million.

As of August 12, the number of Ronin network verification nodes has increased from 9 to 21, and the transfer limit of each fund on the cross-chain bridge has been limited. Now the number of RON staked on the network has reached 2.08.

The gaming ecosystem on the Ronin chain is still promising

According to Token Terminal data, Ronin’s daily active users have recently ranked first among all public chain networks, surpassing Tron and Solana, and the number of daily active users has exceeded 2 million. Among them, on August 1, the number of daily active wallets on the Ronin chain reached 2.3 million, and the daily transaction volume reached 3.5 million, setting a record high.

@Bailey.ron, who used to work at DeFiance Capital and is now in charge of the Ronin ecosystem, said that Ronin is one of the few crypto projects that is committed to and achieves real consumer adoption.

In addition to the excellent performance of on-chain user data, several well-known games have been launched in the Ronin ecosystem.

In addition to the classic Axie Infinity and Pixels, there are also farm survival game Lumiterra, hero shooter game The Machines Arena, mecha shooter game Kaidro, strategy game Wild Forest, role-playing game Runiverse, card duel chain game Apeiron, etc.

More and more games are choosing to migrate to Ronin. For example, Runiverse announced in July that it would migrate to the Ronin network. Kaidro was originally based on Immutables game, and Pixels was also migrated from Polygon.