Ronin Bridge pauses operations following suspicious $10m withdrawal

Axie Infinity’s Ronin Bridge has suspended all operations following the withdrawal of $10 million worth of cryptocurrency from the protocol.

The Ronin Bridge (RON), a multi-signature cross-chain bridge that connects various networks with the Ronin Network, was allegedly misused on Tuesday, August 6, after reports emerged of suspicious transactions in which millions worth of cryptocurrencies were being withdrawn from the protocol’s liquidity pool.

Blockchain analytics firm PeckShield noted in the X post that an unidentified entity had withdrawn $10.3 million worth of crypto from the protocol through two suspicious transactions.

In response, Ronin Network co-founder Aleksander Larsen said on X that the team would “follow up with more information soon,” adding that the bridge had “secured over $850 million that is safe.” He also added that the team was investigating “a report of a possible MEV exploit from white hats.” No other details were given.

Ronin faces criticism

The incident has triggered renewed criticism from the crypto community, with blockchain sleuth ZachXBT criticizing Ronin’s security measures, calling the protocol a “cursed project” and describing the latest breach as a sign of “mismanagement.”

This is more of a sign of poor management than anything else.

Both the first and second attacks were private key breaches of Lazarus Group

Funds will likely be returned in the third incident today

So none of this can be attributed to insiders

— ZachXBT (@zachxbt) August 6, 2024

In addition to the investigation, hacker analysts suggested that the attack could be linked to a recent update of Ronin Bridge’s proxy contract, adding that “it is possible that the vulnerability was introduced during this update.” Despite the breach, the price of Ronin’s native token remained unchanged, showing an 11% increase over the past 24 hours, according to data from crypto.news.

This isn’t the first time Ronin Bridge has faced such challenges. In March 2022, the protocol was targeted by a North Korean hacker gang, the Lazarus Group, resulting in the theft of 173,600 Ethereum (ETH) and $25.5 million worth of USD Coin (USDC).