Hack Explained - Ronin 2024

07 January 2025

The Ronin Network, a blockchain platform integral to the Axie Infinity ecosystem, was compromised in a security breach on 6 August 2024, resulting in the theft of approximately $12 million, including 4,000 ETH and $2 million in USDC. The breach originated from a vulnerability introduced during a recent contract upgrade.

Behind the Breach

The root cause of the exploit lay in the recent contract upgrade: two new initialise functions were added, but initializeV3() was not called in the upgrade transaction, leaving it uninitialised.

Contract: https://etherscan.io/address/0xfc274ec92bbb1a1472884558d1b5caac6f8220ee#code
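
The following is an added Python model, not code from the original page or from Ronin's contracts, of a pre-flight check that catches an initializer skipped by an upgrade transaction. The version-counter guard and the name `initializeV4` are assumptions made for illustration; only `initializeV3()` comes from the write-up above.

```python
# Constructed model of versioned initializers behind an upgradeable proxy.
# The guard and the name initializeV4 are assumptions, not Ronin's code.

class ProxyState:
    """Storage that survives upgrades: initializer version plus config."""
    def __init__(self, initialized_version=0):
        self.initialized_version = initialized_version
        self.values = {}

def reinitializer(version):
    """Guard: the body runs once, and only if `version` is newer than stored."""
    def wrap(fn):
        def guarded(state, *args):
            if state.initialized_version >= version:
                raise RuntimeError(f"{fn.__name__}: version {version} is no longer callable")
            fn(state, *args)
            state.initialized_version = version
        guarded.__name__, guarded.version = fn.__name__, version
        return guarded
    return wrap

@reinitializer(3)
def initializeV3(state):
    state.values["v3_config"] = "set"  # hypothetical value owned by V3

@reinitializer(4)
def initializeV4(state, admin):  # hypothetical second initializer
    state.values["v4_admin"] = admin

NEW_INITIALIZERS = [initializeV3, initializeV4]

def missing_initializers(current_version, called_names):
    """Pre-flight check: new initializers the upgrade transaction never calls."""
    return [f.__name__ for f in NEW_INITIALIZERS
            if f.version > current_version and f.__name__ not in called_names]

def run_upgrade(state, calls):
    """Apply the upgrade's initializer calls in order: [(fn, args), ...]."""
    for fn, args in calls:
        fn(state, *args)
    return state

if __name__ == "__main__":
    state = ProxyState(initialized_version=2)
    print(missing_initializers(2, ["initializeV4"]))    # check run before sending
    run_upgrade(state, [(initializeV4, ("0xADMIN",))])  # upgrade that skips V3
    try:
        initializeV3(state)
    except RuntimeError as err:
        print("late call rejected:", err)
```

Under the assumed guard, calling the later initializer first makes the skipped one uncallable afterwards, so the check belongs before the upgrade transaction is sent.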

Lessons from the Incident

This incident shows the critical need for thorough testing and auditing, particularly during updates, highlighting that even small changes can have huge security impacts.