Axie co-founder hacked for $10M two years after $625M Ronin attack

Jihoz, the co-founder of crypto gaming platform Axie Infinity, has reportedly been hacked for $9.7 million from two ‘compromised’ personal wallets.

Over 3 million RON tokens were drained on the Ronin Network before being sold for ETH, causing a 9% drop in the token’s price, according to data from CoinMarketCap.

According to Peckshield, over 3,000 ETH were withdrawn from the game’s Ronin Bridge, which also suffered a loss from compromised keys in 2022. The funds were immediately deposited into crypto mixing service Tornado Cash.

This has been a tough morning for me. 

Two of my addresses have been compromised.

The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.

Additionally, the leaked keys have nothing to do with Sky Mavis operations.…

— Jihoz.ron 🦌 (@Jihoz_Axie) February 23, 2024

Read more: Explainer: What to know about crypto mixer Tornado Cash

Security firm Ancilia’s initial flagging of the withdrawals suggested that the bridge itself had an issue. However, this was quickly refuted by Axie and Ronin’s COO, who added, “The bridge itself has top security, been through many audits, and goes on pause when too much is being withdrawn.”

Axie Infinity is a blockchain-based game that exploded in popularity via the concept of ‘play-to-earn’ during the crypto market’s last bull run.

What happened to Ronin Bridge? @Ronin_Network https://t.co/Cj1DIBHpom

Over 2790 ETH has been withdrawn and deposited to Tornado immediately. pic.twitter.com/DXbN0rJq93

— Ancilia, Inc. (@AnciliaInc) February 23, 2024

Read more: The play-to-earn crypto bubble has popped — Axie Infinity leads, down 99% from ATH

In order to avoid costly Ethereum transaction fees, which would make the game unplayable, Ronin Network was set up as a cheap sidechain for players’ assets.

In March 2022, the Ronin Bridge was hacked for approximately $625 million worth of Ether and USDC. Shortly afterward, the FBI ascribed the losses to the work of the North Korean state-sponsored hacking group Lazarus.

The bridge was emptied due to a majority of validator keys (five of just nine validators) being compromised. For comparison, Ethereum currently has over 1.2 million validators. Four of the Ronin validators were run by Sky Mavis, the developers of Axie Infinity, with the final validator, which belonged to the Axie DAO, overridden thanks to an agreement designed to ease network congestion.

This attack was originally detailed in a post-mortem report from the Ronin team, but it has since been deleted.

With such a large concentration of funds, blockchain bridges have often proven lucrative targets for crypto hackers, who use an array of social engineering techniques to gain access to key infrastructure. 

In the case of Ronin, the hack was executed through a malicious PDF, which was delivered under the guise of a job offer. 

Jihoz has yet to provide details on how he believes this latest attack took place.
Read more: https://protos.com/explained-why-hackers-keep-exploiting-cross-blockchain-bridges/