TechFlow news — On August 6, the gaming blockchain Ronin announced an update on X, stating that it had identified a potential vulnerability in the Ronin bridge after being alerted by a white-hat hacker. After verification, the team paused bridge operations approximately 40 minutes after the first on-chain activity. The attacker managed to withdraw about 4,000 ETH and 2 million USDC, valued at around $12 million. This amount matches the maximum withdrawal limit per transaction, highlighting how the bridge's withdrawal cap played a crucial role in preventing even greater losses.
The Ronin team explained that today’s bridge upgrade introduced an issue during governance, causing the system to misinterpret the required quorum of validator votes for fund withdrawals. The team is actively working to resolve this root cause and plans to conduct another vote after a rigorous audit to ensure bridge security. Currently, Ronin is negotiating with the attacker, who appears to be acting as a white-hat hacker and has shown goodwill. Regardless of the negotiation outcome, all user funds are safe, and any shortfall will be reimbursed when the bridge reopens.
The team also stated that a detailed post-mortem analysis will be released next week, outlining the technical details of the incident and future preventive measures.
