Peckshield, a blockchain security firm, announced a significant security breach on the Ronin Network, resulting in the loss of 3,996 Ether tokens, valued at around $9.8 million.

Speculation of White Hat Hacker Involvement in Ronin Breach

The breach was first detected by Peckshield, which speculated in an August 6 post that a white hat hacker might be responsible for the exploit. White hat hackers are ethical hackers who typically return stolen assets after exposing security vulnerabilities. However, in this instance, the funds have not been returned, leaving the hacker's true intentions uncertain.

The nature of the breach is also unclear, with some suggesting that a maximal extractable value (MEV) bot could be involved. MEV bots are automated tools used by blockchain validators to find and exploit arbitrage opportunities in decentralized finance (DeFi) protocols. While these bots are usually employed for profit, they can occasionally exploit vulnerabilities unintentionally.

Further investigation revealed that the MEV bot “0x4ab” carried out the $9.8 million transfer via the Ronin bridge. A small portion of the stolen funds, amounting to 3.9 Ether, was later transferred to another wallet linked to the address “0x952” or “beaverbuild.” This action hints at a potential ethical motive behind the hack, as similar scenarios have seen responsible parties return the assets.

Similar Breaches and White Hat Actions

Shortly before the Ronin breach, a similar incident occurred at Rho Markets in July, where an MEV bot exploited the protocol for $7.6 million. Notably, all stolen funds were recovered within a week, setting a precedent for the potential return of assets in such situations.

The Ronin breach is part of a larger trend in the cryptocurrency space, where even malicious hackers sometimes return stolen funds. In May, a hacker involved in a wallet poisoning scam returned $71 million worth of wrapped Bitcoin (WBTC) after significant public and investigative pressure. The return was purportedly impacted by a report from the on-chain security firm SlowMist, which distinguished potential IP locations of the assailant.

This latest incident adds to a worrying trend: in July alone, approximately $266 million was lost to crypto hacks, including a massive loss of over $230 million by the Indian exchange WazirX.