The Tragic Song of the Most Successful Blockchain Game: Ronin Cross-Chain Vulnerabilities May Hinder Axie Infinity's Comeback
Table of Contents
Table of Contents
The founder of the blockchain platform Ronin, associated with the successful blockchain game Axie Infinity, suddenly announced that due to a vulnerability reported by a white hat hacker, the Ronin cross-chain bridge has ceased operation as it may be susceptible to a MEV (Miner Extractable Value) attack. Previously, Ronin was hacked by North Korean hackers, resulting in a loss of $600 million and a lack of interest in the platform, leading to a decline in the once-thriving Axie Infinity. With this new security vulnerability surfacing, it may be even more challenging for them to recover.
After the hacking incident on Axie Infinity's sidechain Ronin, the official cross-chain bridge has now resumed withdrawals and deposits.
The security team SlowMist pointed out that the weight value in the Ronin contract was unexpectedly altered, allowing funds to be transferred without requiring multi-signature authorization.
Developer Bing commented that the total weight for signatures was set to 0, making it possible to pass with any signature. He stated:
- The contract was updated three hours ago
- The initialization and upgrade were mistakenly swapped
- The hacker found the issue in two hours, serves them right for making money
Ronin has received approximately $10 million worth of returned ETH and hopes that the USDC portion will also be returned. They will reward the white hat hacker with a $500,000 bounty. The cross-chain bridge will undergo another audit before resuming its services.