Axie Infinity’s co-founder, Jihoz, has reportedly encountered a $9.7 million hack from two of his personal wallets, described as ‘compromised.’ This incident involved the drainage of over 3 million RON tokens from the Ronin Network, subsequently sold for Ethereum, resulting in a 9% decrease in the token’s value, as per CoinMarketCap data.
Peckshield revealed that more than 3,000 Ethereum were withdrawn from Axie’s Ronin Bridge, which suffered a similar compromise in 2022. The withdrawn funds were promptly funnelled into the Tornado Cash crypto mixing service.
This has been a tough morning for me.
Two of my addresses have been compromised.
The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.
Additionally, the leaked keys have nothing to do with Sky Mavis operations.…
— Jihoz.ron 🦌 (@Jihoz_Axie) February 23, 2024
Initial concerns raised by security firm Ancilia pointed towards potential issues within the bridge itself, but Axie and Ronin’s COO swiftly rebutted this, affirming the bridge’s robust security measures and its ability to pause transactions during suspicious activities.
Axie Infinity, known for its blockchain-based ‘play-to-earn’ gaming model, gained immense popularity during the previous crypto bull market. To mitigate the high transaction fees on Ethereum, the Ronin Network was established as a cost-effective sidechain for players’ assets.
In March 2022, the Ronin Bridge fell victim to a hack resulting in approximately $625 million worth of Ether and USDC being stolen. The FBI attributed this attack to Lazarus, a North Korean state-sponsored hacking group.
The breach occurred due to a compromise of the majority of validator keys, with only nine validators in total, highlighting a vulnerability compared to Ethereum’s significantly larger validator pool. Sky Mavis, the developers of Axie Infinity, operated four of the Ronin validators, while an agreement allowed the Axie DAO’s validator to override transactions to alleviate network congestion.
Although initially detailed in a Ronin team post-mortem report, information regarding the attack has since been removed.
Blockchain bridges, owing to their substantial funds concentration, have become prime targets for crypto hackers, often exploiting social engineering tactics. In the Ronin case, the hack was facilitated through a malicious PDF masquerading as a job offer.
Jihoz has yet to provide insights into the specifics of this recent attack.