On Tuesday, Peckshield disclosed a significant security breach affecting the Ronin Network via an X post, resulting in the theft of 3,996 Ethereum (ETH) tokens worth around $9.8M.
Blockchain security firm Peckshield first discovered the breach and speculated in an Aug. 6 X post that a white hat hacker might have executed it. A key difference between white hat hackers and malicious actors is that white hat hackers usually return stolen assets after revealing security vulnerabilities.
However, in this case, the hacker has not returned the funds, leaving their actual intentions unclear. This uncertainty also affects the nature of the breach, which some suggest a maximal extractable value (MEV) bot may have triggered.
Blockchain validators use MEV bots to automate the detection and exploitation of arbitrage opportunities in decentralized finance (DeFi) protocols. While these bots are typically used for profit, they can sometimes unintentionally exploit vulnerabilities within a protocol.
MEV bot’s role in the Ronin breach
Additional analysis revealed that the MEV bot “0x4ab” conducted the $9.8M transfer through the Ronin bridge. Subsequently, someone transferred a small portion of the stolen funds, totaling 3.9 ETH, to another wallet linked to the address “0x952” or “beaverbuild.” This action hints at a possible ethical motive behind the hack, as similar cases have led to the return of stolen assets in the past.
Related data breaches and white hat actions
Just before the Ronin security breach, Rho Markets experienced a similar incident in July. An MEV bot exploited the protocol, resulting in a $7.6M loss. Notably, authorities recovered all the stolen funds within a week, highlighting a precedent for the potential return of assets in similar situations. The Ronin security breach reflects a broader trend in the cryptocurrency space: Even malicious hackers sometimes return stolen funds.
Related | Ethereum developer slams crypto industry as “Casino for Dum-Dums”