In an unexpected twist, the infamous Ronin network attack that saw nearly 3,996 Ether (ETH), worth over $10 million, drained from the platform on August 6 was rectified when the attacker returned almost all the stolen funds. A maximum extractable value (MEV) bot, programmed to duplicate transactions and pay a higher gas fee for a quick execution, was behind the incident. Mistakenly, it exploited the Ronin system, leading to an unintentional cyber attack.
Probing into the matter, all but 5 ETH, amounting to 3,991 ETH was re-deposited into the Ronin team’s account around 3:04pm UTC. The whereabouts of the residual 5 ETH is unknown. In response to this reversal, Ronin has announced a bounty reward of $500,000 for the bot’s owner for uncovering this glitch on the platform.
Assurances have been given by the Ronin team that measures are being taken to prevent a recurrence. Reopening of the bridge will only transpire after a thorough audit confirms that the vulnerability has been patched.
On occasions such as these, it’s typical for the funds to be returned by the MEV bot owner. A similar episode occurred back in July when over $8 million was drained from Rho Markets protocol, later compensated by the bot’s owner. Ronin, which hosts Axie Infinity, a Web3 game with a claimed user base of over 2.7 million, was also exploited for more than $600 million earlier in March 2022.