Web3 游戏区块链 Ronin Network 遭到攻击者攻击，盗取了总计 1200 万美元的以太币 ($ETH) 和美元硬币 ($USDC) 代币

Ronin 宣布利用 Ronin 透露，周二从 Ronin 桥上提取了 4,000 美元 ETH 和 200 万美元 USDC 代币。

Web3 gaming blockchain Ronin Network was attacked by actors who pilfered a total of $12 million in Ether ($ETH) and USD Coin ($USDC) tokens due to an issue with the Ronin bridge, and while the stolen funds have been returned by the "white hats," some crypto users' questions remain unanswered.

Web3 游戏区块链 Ronin Network 受到攻击者的攻击，由于 Ronin 桥的问题，他们窃取了总计 1200 万美元的以太币 ($ETH) 和美元硬币 ($USDC) 代币，而被盗资金已由“白帽”，一些加密货币用户的问题仍未得到解答。

Announcing the exploit on Tuesday, Ronin said 4,000 $ETH and two million $USDC tokens were withdrawn from the Ronin bridge. "Today's bridge upgrade, after being deployed through the governance process, introduced an issue leading the bridge to misinterpret the required bridge operators vote threshold to withdraw funds," the Ethereum Virtual Machine (EVM) compatible network said of the exploit.

Ronin 周二宣布了这一漏洞，并表示从 Ronin 桥中提取了 4,000 美元 ETH 和 200 万美元 USDC 代币。以太坊虚拟机（EVM）兼容网络在谈到该漏洞时表示：“今天的网桥升级在通过治理流程进行部署后，引入了一个问题，导致网桥误解了提取资金所需的网桥运营商投票阈值。”

"Earlier today, we were notified by white-hats about a potential exploit on the Ronin bridge," the network said, adding that after verifying the reports, the bridge was paused approximately 40 minutes after the first on-chain action was spotted.

该网络表示：“今天早些时候，我们接到白帽黑客的通知，称 Ronin 桥上存在潜在的漏洞。”并补充说，在核实报告后，在发现第一个链上操作后，该桥暂停了大约 40 分钟。

"The actors withdrew ~4K ETH and 2M USDC, valued at ~$12M, which were quickly spotted by our team and white-hats and moved into a safe place. We are currently negotiating with the actors, who appear to be acting as white-hats and have responded in good faith," it said, adding that all user funds are safe and should there be any shortfalls, the funds will be re-deposited into the bridge once it is back in operation.

“演员们提取了约 4K ETH 和 200 万 USDC，价值约 1200 万美元，很快就被我们的团队和白帽子发现并转移到了安全的地方。我们目前正在与演员进行谈判，他们似乎扮演着白人的角色-帽子并做出了真诚的回应。”它补充说，所有用户资金都是安全的，如果出现任何短缺，一旦桥梁恢复运行，这些资金将被重新存入桥梁。

A few hours after the exploit announcement, Ronin said the entire $12 million in pilfered funds had been returned by the actors. "We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty," it said.

公布漏洞利用消息几小时后，Ronin 表示，黑客已归还全部 1200 万美元被盗资金。 “我们感谢白帽子的警惕和正直。Bug 赏金计划将奖励白帽子 50 万的赏金，”它说。

"Update: The ETH (~$10 M) has been returned and we expect that the USDC will be returned later today. We thank the white hats for their vigilance and integrity. The Bug Bounty Program will reward the white hats with a 500 K bounty. The bridge will undergo an audit before it is…"On further steps to prevent another exploit, Ronin said the bridge will undergo an audit before reopening and the bridge will be shifted away from the network's current structure.

“更新：ETH（约 1000 万美元）已被返还，我们预计 USDC 将在今天晚些时候返还。我们感谢白帽子的警惕性和正直。Bug 赏金计划将奖励白帽子 50 万美元这座桥将在重新开放之前接受审核……“为了防止再次被利用，罗宁表示，这座桥将在重新开放之前接受审核，并且这座桥将远离网络当前的结构。

Crypto users raise issue about white hatsDespite the security incident's resolution and the return of all withdrawn funds, some cryptocurrency users questioned the supposed white hat process. "How are they whitehats if you have to negotiate?" one user asked, adding that white hat hackers should only have informed Ronin about the breach "without stealing" tokens.

加密货币用户提出有关白帽的问题尽管安全事件得到解决并且所有撤回的资金都已归还，但一些加密货币用户对所谓的白帽流程提出了质疑。 “如果你必须谈判的话，他们怎么会是白帽呢？”一位用户问道，并补充说白帽黑客应该只向 Ronin 通报此次泄露事件，“而不是窃取”代币。

"How are they whitehats if you have to negotiate? Whitehats would have informed you about the exploit without stealing it in the first place. Honestly."As other users joined in on the debate, the user went on to reiterate his stance that the group that returned the funds were "greyhats at best" since white hats wouldn't be in the "negotiation" table unless they were hired to do so. "There has been massive reputational damage caused by acting this way and any 'negotiation' is holding the project hostage," he insisted.

“如果你必须进行谈判，他们怎么会是白帽？白帽会在一开始就通知你这个漏洞，而不会窃取它。老实说。”随着其他用户加入辩论，该用户继续重申他的立场，即该组织返还资金的人充其量是“灰帽子”，因为白帽子不会出现在“谈判”桌上，除非他们被雇用这样做。他坚称：“这种行为造成了巨大的声誉损害，任何‘谈判’都会使该项目成为人质。”

Another user argued that it took the white hats "too long" to return the funds if they truly were white hat hackers, as Ronin said.

正如罗宁所说，另一名用户认为，如果白帽确实是白帽黑客，那么他们花了“太长时间”才归还资金。

"White hack? Are you sure guys? He took too long to return the funds. Anyway the criticality in your Smart Contract was detected by @TheArkhivist Team one hour before it happened.https://t.co/t3myBRrWhs"Several other users floated the theory of a "self hack," something the crypto industry has seen in some exploits over the years.

“白黑客？你们确定吗？他花了太长时间才归还资金。无论如何，@TheArkhivist 团队在事件发生前一小时就检测到了您的智能合约中的严重性。https://t.co/t3myBRrWhs”其他几位用户提出了“自我黑客”的理论，加密行业多年来在一些漏洞利用中已经看到了这一点。

"SelfHack

“自我黑客

Insiders getting a free milli.

内部人士免费获得一毫。

Damn..web3

该死的..web3

Smells somtthing fishy"Aside from the notion that it could have been an "insider" job, many users pointed out that it wasn't the first time the Ronin network was hacked. One user asked how many more times the blockchain should be exploited before the team learns. The Ronin bridge was hacked in March 2022, as per auditing firm QuillAudits. At the time, the blockchain lost a whopping $600 million.

闻起来有股腥味”除了认为这可能是“内部”工作之外，许多用户还指出，这并不是 Ronin 网络第一次被黑客攻击。一位用户询问区块链还应该被利用多少次？该团队获悉，根据审计公司 QuillAudits 的说法，Ronin 桥于 2022 年 3 月遭到黑客攻击，当时区块链损失了 6 亿美元。

"Urgent Security Alert: Ronin Bridge Exploit 🚨 Frens, @Ronin_Network has been hit by another serious breach, marking the third major exploit in its history.

“紧急安全警报：Ronin Bridge 漏洞 🚨 Frens，@Ronin_Network 遭遇另一次严重漏洞，这是其历史上的第三次重大漏洞。

At 09:37:23 AM UTC, the Axie Infinity: Ronin Bridge V2 transferred 3,996 ETH to the MEV Bot, which then transferred 4.00… pic.twitter.com/RvrV2dG081"

世界标准时间上午 09:37:23，Axie Infinity: Ronin Bridge V2 向 MEV 机器人传输了 3,996 ETH，然后 MEV 机器人又传输了 4.00… pic.twitter.com/RvrV2dG081"