Hack Explained - Ronin 2024

Hack Explained - Ronin 2024

·

1 min read

The Ronin Network, a blockchain platform integral to the Axie Infinity ecosystem, was compromised in a security breach on 6 August 2024, resulting in the theft of approximately $12 million, including 4,000 ETH and $2 million in USDC. The breach originated from a vulnerability introduced during a recent contract upgrade.

Behind the Breach

The root cause of the exploit was in the recent contract upgrade, two new initialize functions were added but in the upgrade transaction initializeV3() was not called, leaving it uninitilised.

Contract: https://etherscan.io/address/0xfc274ec92bbb1a1472884558d1b5caac6f8220ee#code

Lessons from the Incident

This incident shows the critical need for thorough testing and auditing, particularly during updates, highlighting that even small changes can have huge security impacts.


Rivanorth is a boutique Web3 cybersecurity company. We specialise in smart contract audits and 360 degree security services for Web3. Visit rivanorth.com to find out more.

You build the future. We help you secure it.