White Hat hacker
Ronin said the actors of Tuesday's exploit were white hats -- the funds have since been returned. White Hat Hacking Explained | YouTube The Infographics Show YouTube Channel/Screenshot

KEY POINTS

  • Ronin said white hats informed it about an issue on the Ronin bridge Tuesday
  • The network said the actors 'responded in good faith' but some crypto users are doubtful
  • Others suggested the exploit could have been carried out by an 'insider'

Web3 gaming blockchain Ronin Network was attacked by actors who took a total of $12 million in Ether ($ETH) and USD Coin ($USDC) tokens due to an issue with the Ronin bridge, and while the stolen funds have been returned by the "white hats," some crypto users' questions remain unanswered.

Ronin announces exploit

Ronin revealed that 4,000 $ETH and two million $USDC tokens were withdrawn from the Ronin bridge Tuesday. "Today's bridge upgrade, after being deployed through the governance process, introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds," the Ethereum Virtual Machine (EVM) compatible network said of the exploit.

It said that "white-hats" informed them about the potential exploit, resulting in the bridge being paused about 40 minutes after the first on-chain activity was spotted.

"We are currently negotiating with the actors, who appear to be acting as white-hats and have responded in good faith," it said, adding that all user funds are safe and should there be any shortfalls, the funds will be re-deposited into the bridge once it is back in operation.

Actors return funds

Ronin said a few hours after the exploit announcement that the entire $12 million in pilfered funds had been returned. "We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty," it said.

On further steps to prevent another exploit, Ronin said the bridge will undergo an audit before reopening and the bridge will be shifted away from the network's current structure.

Crypto users raise issue about white hats

Despite the security incident's resolution and the return of all withdrawn funds, some cryptocurrency users questioned the supposed white hat process. "How are they whitehats if you have to negotiate?" one user asked, adding that white hat hackers should only have informed Ronin about the breach "without stealing" tokens.

As other users joined in on the debate, the user went on to reiterate his stance that the group that returned the funds were "greyhats at best" since white hats wouldn't be in the "negotiation" table unless they were hired to do so. "There has been massive reputational damage caused by acting this way and any 'negotiation' is holding the project hostage," he insisted.

Another user argued that it took the white hats "too long" to return the funds if they truly were white hat hackers, as Ronin said.

Not the first time

Several other users floated the theory of a "self hack," something the crypto industry has seen in some exploits over the years.

Aside from the notion that it could have been an "insider" job, many users pointed out that it wasn't the first time the Ronin network was hacked. One user asked how many more times the blockchain should be exploited before the team learns. The Ronin bridge was hacked in March 2022, as per auditing firm QuillAudits. At the time, the blockchain lost a whopping $600 million.