Bitcoin 
Ethereum 
Tether 
BNB 
XRP 
Solana 
USDC 
Lido Staked Ether 
Dogecoin 
TRON 
Cardano 
Wrapped stETH 
Wrapped Beacon ETH 
Wrapped Bitcoin 
Chainlink 
Figure Heloc 
Ethena USDe 
Wrapped eETH 
Stellar 
Bitcoin Cash 
Hyperliquid 
Sui 
Avalanche 
WETH 
Binance Bridged USDT (BNB Smart Chain) 
LEO Token 
USDS 
Hedera 
Coinbase Wrapped BTC 
Litecoin 
USDT0 
Mantle 
Shiba Inu 
WhiteBIT Coin 
Toncoin 
Monero 
Ethena Staked USDe 
Cronos 
Polkadot 
Dai 
Bittensor 
Uniswap 
World Liberty Financial 
Zcash 
Aave 
OKB 
MemeCore 
Bitget Token 
Pepe 
Ethena 
NEAR Protocol 
Aster 
Jito Staked SOL 
BlackRock USD Institutional Digital Liquidity Fund 
USD1 
sUSDS 
Aptos 
Ethereum Classic 
PayPal USD 
Currency One USD 
Ondo 
Binance-Peg WETH 
Falcon USD 
Jupiter Perpetuals Liquidity Provider Token 
Story 
POL (ex-MATIC) 
Worldcoin 
Binance Staked SOL 
Gate 
Internet Computer 
HTX DAO 
KuCoin 
Arbitrum 
Rocket Pool ETH 
USDtb 
Algorand 
Pi Network 
Provenance Blockchain 
BFUSD 
ChainOpera AI 
Cosmos Hub 
VeChain 
Kelp DAO Restaked ETH 
Wrapped BNB 
Kaspa 
Tether Gold 
StakeWise Staked ETH 
Pudgy Penguins 
Kinetiq Staked HYPE 
Liquid Staked ETH 
Render 
Sky 
Pump.fun 
Flare 
Sei 
Lombard Staked BTC 
Renzo Restaked ETH 
PAX Gold 
Official Trump 
Bonk 
NEXO 
PancakeSwap 
Jupiter 
Filecoin 
Syrup USDC 
Binance Bridged USDC (BNB Smart Chain) 
SPX6900 
Solv Protocol BTC 
Immutable 
XDC Network 
First Digital USD 
Mantle Staked Ether 
Morpho 
DoubleZero 
Jupiter Staked SOL 
Celestia 
Injective 
Arbitrum Bridged WBTC (Arbitrum One) 
clBTC 
SolMev 
Fasttoken 
Lido DAO 
Optimism 
Ripple USD 
Stacks 
Marinade Staked SOL 
Curve DAO 
Artificial Superintelligence Alliance 
Plasma 
Aerodrome Finance 
OUSG 
cgETH Hashkey Cloud 
Sonic 
L2 Standard Bridged WETH (Base) 
The Graph 
Superstate Short Duration U.S. Government Securities Fund (USTB) 
Global Dollar 
FLOKI 
Pyth Network 
Synthetix 
Stables Labs USDX 
Ondo US Dollar Yield 
Saros 
Kaia 
Tezos 
tBTC 
Arbitrum Bridged WETH (Arbitrum One) 
Ether.fi 
Stader ETHx 
GTETH 
Aethir 
AB 
Pendle 
IOTA 
MYX Finance 
Conflux 
USDai 
Beldex 
Trust Wallet 
dogwifhat 
Theta Network 
Dash 
Ethereum Name Service 
Coinbase Wrapped Staked ETH 
GALA 
The Sandbox 
Usual USD 
Starknet 
Swell Ethereum 
Mantle Restaked ETH 
Virtuals Protocol 
Raydium 
Avalanche Bridged BTC (Avalanche) 
JasmyCoin 
Binance-Peg Dogecoin 
RNA 
Decentraland 
BitTorrent 
SwissBorg 
Mantle Bridged USDT (Mantle) 
EigenCloud (prev. EigenLayer) 
Vaulta 
Aster Staked BNB 
TrueUSD 
Arbitrum Bridged Wrapped eETH (Arbitrum) 
Steakhouse USDC Morpho Vault 
Maple Finance 
USDD 
Flow 
Polygon Bridged USDC (Polygon PoS) 
Polygon PoS Bridged DAI (Polygon POS) 
0G 
ether.fi Staked ETH 
Sun Token 
AI Companions 
Bitcoin SV 
Jito 
Polygon PoS Bridged WETH (Polygon POS) 
Frax Ether 
crvUSD 
The bridge between Ethereum and gaming-focused Ronin sidechain was halted early Tuesday following another exploit, leading to the loss of approximately $12 million worth of assets—but most of the funds have already been returned.
The incident, described as a potential “MEV exploit,” was brought to light early Tuesday by ethical hackers, Ronin co-founder Aleksander Larsen said on Twitter. He reassured users that the bridge, which secures over $850 million in assets, remains safe.
The Ronin account noted that approximately 4,000 ETH and $2 million worth of the dollar-pegged USDC stablecoin were swiped, adding up to about $12 million worth of stolen assets. The damage was limited by safeguards that cap the size of any Ronin withdrawal in a single transaction.
Late Tuesday morning, the Ronin team announced that all of the ETH—approximately $10 million worth—had been returned, and that they expected the USDC to be returned later in the day. Ronin’s developers will reward the white hat hackers with a $500,000 reward for reporting the exploit and returning the swiped funds.
Update:
The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty.
The bridge will undergo an audit before it is…
— Ronin (@Ronin_Network) August 6, 2024
Ronin’s team blamed a problem with a bridge upgrade launched earlier in the day, which it said “introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds.”
Adrian Hetman, head of triaging at blockchain security firm Immunefi, told Decrypt that bridge upgrades are common avenues for attacks as they can introduce new ways to exploit the connection between chains and steal funds.
“An upgrade introduces a new attack surface and, if implemented without the necessary security measures, could potentially lead to the complete collapse of the project,” Hetman said, pointing to 2022’s attack of the Nomad protocol as a key example.
In the follow-up tweet, Ronin’s developers said that the bridge code will be audited before it’s brought back online, and that they intend to work with network validators to “shift operation of the bridge away from the current structure.”
Ronin is the gaming-focused network that was originally launched for Axie Infinity, the monster-battling game that racked up billions of dollars’ worth of NFT trading volume in 2021. Since then, it has expanded to feature games from other studios besides Sky Mavis, including the popular social farming game Pixels.
As of now, Ronin’s native token, RON, appears only modestly affected by the news. While the price did broadly decline in the hours following the attack, RON rebounded slightly and remains up more than 2% over the past day amid a broader market rebound after Monday’s plunge. The token is priced at $1.43 as of press time, down 27% over the last week.
This is not the first time that the Ronin bridge has been compromised. In late March 2022, a major hack resulted in the loss of $622 million from the network in an attack that the U.S. Treasury pinned on North Korea’s infamous Lazarus hacking group. The bridge was down for months, but was ultimately revived with added decentralization measures as Sky Mavis refunded affected users.
A more recent February incident, though smaller, saw $9.5 million worth of ETH taken from Ronin wallets, including those of Sky Mavis and Ronin Network co-founder Jeff Zirlin.
Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge. After verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted.
The actors withdrew ~4K ETH and 2M USDC, valued at ~$12M, which…
— Ronin (@Ronin_Network) August 6, 2024
Ronin representatives declined further comment to Decrypt following the tweeted statement. A full postmortem report on the attack is expected to be released next week.
By MEV, Larsen was referring to maximum extractable value bots, which are software tools developed to monitor blockchains to find profit opportunities and automatically exploit them through automated transactions. The controversy around MEV bots centers on fairness and network integrity.
Critics have argued these bots exploit users, increase fees, and centralize power to tech-savvy operators by facilitating front running, sandwich attacks, and back running, among other features. Supporters claim that they provide necessary market efficiency. The debate highlights tensions between profit-seeking behavior and blockchain ideals of equal access.
This incident comes amid growing concerns over the security of blockchain bridges. Immunefi recently reported that over $1.19 billion has been lost due to hacks and fraud in the year to date, marking a 16.3% increase compared to the same period last year. Bridges remain a key avenue for attacks.
“The bridge contains lots of money and is moving large amounts of funds every day,” Immunefi’s Hetman told Decrypt. “This is a juicy piece of code for any black hat trying to find a way in and steal a portion of it or all of it, the same as for the white hats trying to protect the users and the project. Apply appropriate internal and external procedures to this to make it as secure as possible.”
Edited by Stacy Elliott and Andrew Hayward
