White hat hackers have returned US$12 million they took when they exploited an undocumented vulnerability in the bridge of gaming blockchain, Ronin Network.
The hackers were able to withdraw 4,000 Ether (ETH) and US$2 million USD Coin (USDC), the maximum amount of ETH and USDC able to be withdrawn from the bridge in a single transaction.
"We were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted," said Ronin in a post on X.
The exploit has been pinpointed to a bridge update - hours before the breach - that had been deployed through the governance process, but introduced a vulnerability that allowed the bridge to misinterpret the vote threshold of bridge operators to withdraw funds.
"We are working on a solution for the root cause. The bridge update will undergo intensive audits, before being voted on by the bridge operators for deployment," stated Ronin on X.
Ronin has ensured all users that their funds are safe and any shortfalls will be re-deposited into the bridge when it re-opens. The hackers will also be rewarded by Ronin: "We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty."
