Ronin Bridge Exploit: Stolen Funds Remain Stuck

• News brought down AXS, SLP and RON market prices, causing a cascade of liquidations.
• Hacker moves ETH to new addresses.
• Assets on Ronin stuck without counterpart in the bridge smart contract.

The Ronin Bridge exploit turned out to be the biggest theft from a decentralized smart contract. In the past, bridges have been attacked for sums of up to $30M equivalent. But the $621M exploit happened because of the popularity of Axie Infinity, and of multiple players switching to Ronin and depositing Ethereum-based assets, ETH, and USDC tokens.

The exploit, which actually drained the contract on March 23, was noted on Tuesday. The hacker managed to get the ETH and USDC tokens to exchanges, but also short the assets in anticipation of the news breaking. 

In one the largest ever #DeFi exploit, a Threat Actor managed to steal an estimated $630M USDC&ETH from @Ronin_Network, our analysis shows that some of the stolen funds were sent to the largest digital currency exchanges worldwide.
ETH:0x098b716b8aaf21512996dc57eb0615e2383e2f96 pic.twitter.com/XP2gSLZ2WY

— whitestream – Blockchain Intelligence (@whitestream5) March 29, 2022

The shorting meant anyone who bet on rising prices of Axie Infinity Shards (AXS), Ronin (RON) or Smooth Love Potion (SLP) would have their positions liquidated for immediate losses. 

But what was even more ironic – the hacker also got liquidated earlier. After the hack, the hacker also set short orders for the assets. It was around that time that AXS started rallying, liquidating the positions.

How the Hack Affected Markets

A day after the exploit was discovered, RON lost its usual range around $2.50. RON is now down by 24%, to $1.79 after an immediate deep crash.

AXS prices also fell off a cliff from above $70 to a low around $62. The same trading pattern was seen for SLP, though with smaller losses to $0.020.

The actual stolen assets can be traced on the blockchain and exchanges have promised cooperation for yet unsold tokens.

https://twitter.com/cz\_binance/status/1508869326916530176

However, the problem remains that nearly $630M of assets on the Ronin network have no backing and cannot be returned to the Ethereum network. The biggest problem is that now, their value is in doubt as all stolen tokens are now duplicated in two ecosystems. 

The Katana exchange remains closed, with users that deposited funds for liquidity mining essentially locked out of their funds.

The Ronin network itself remains safe to use, and the team has increased the number of validators to avoid a similar attack. However, the bridge contract is now empty, and the only solution is to refill it, replacing the 173,600 ETH and 25.5M USDC. 

What is interesting is that the hacker’s wallet continues to receive small amounts of ETH, while some of the tokens from the smart contract are being sent out to new addresses with a single transaction. It is possible the hacker may not return the stolen funds, and not all of the tokens can be intercepted if they end up on decentralized exchanges.