Ronin Network Bridge Paused Amid $11.8M Outflows

Ronin RON (+4.64%), the blockchain network linked to the play-to-earn game Axie Infinity, paused its bridge on Tuesday morning due to $11.8 million in outflows towards MEV bots.

Incident Overview

The initial transaction took place around 9:37 a.m. UTC, transferring over 3,996 ETH (+3.29%, valued at $9.8 million). A subsequent transaction at 10:11 a.m. involved nearly $2 million in stablecoin USDC. Some suggested this could be white hat activity, indicating an ethical hacker’s involvement, although this was not immediately confirmed. The bridge was paused shortly after at 10:15 a.m.

“The Ronin Network bridge has been paused while we investigate a report from white hats about a potential MEV exploit,” stated Axie Infinity and Ronin Network co-founder Aleksander Larsen (aka “Psycheout”) on X. “We will follow up with more information shortly. The bridge currently secures over $850 million, which is safe.”

The Ronin Network later confirmed the withdrawal of about 4,000 ETH and 2 million USDC, which was the maximum limit that could be withdrawn in a single transaction.

Investigation and Response

“Earlier today, we were notified by white hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted,” the project outlined. The withdrawal limit helps enhance security for large fund withdrawals, effectively preventing additional damage during this incident.

The Ronin Network team noted that a recent bridge upgrade had unintentionally led to a miscalculation regarding the proper voting threshold required for bridge operators to withdraw funds. They are currently addressing the root cause, with a new upgraded version undergoing rigorous audits before it is presented for operator voting.

Negotiations and Recovery

Ronin is negotiating with the individuals linked to the incident, who seem to act in good faith as white hats. They assured users that all funds are safe, and any discrepancies will be re-deposited when the bridge reopens. A detailed post-mortem is anticipated next week.

By Tuesday afternoon, Ronin Network confirmed that the ether had been returned, expecting the USDC funds to follow shortly. The white hats will be rewarded through Ronin’s bug bounty program with $500,000. A few hours later, Ronin verified the receipt of the remaining $2 million in USDC.

Previous Incidents

This is not the first challenge for Ronin, which was hacked in March 2022, losing over $600 million — the largest DeFi exploit to date. In that incident, the breach of five validator keys resulted in a loss of 173,600 ETH (approximately $590 million at that time) and $25.5 million of USDC.

Wallets belonging to Jeffrey Zirlin, co-founder of Axie Infinity’s creator Sky Mavis, were also compromised for $9.7 million worth of ether in February this year.

Following this latest incident, RON’s cryptocurrency dropped roughly 4%, but it has rebounded by about 9% over the past 24 hours amid broader crypto market recovery following Monday’s downturn.

Updated with additional details throughout.