‘Axie Infinity’ Founder’s Ronin Wallets Hacked for $9.5 Million in Ethereum

  decrypt.co 23 February 2024 04:49, UTC

Approximately $9.5 million worth of Ethereum was stolen from wallets on the Ronin gaming network Thursday and routed through the Tornado Cash mixer, with the co-founder of Ronin and NFT game Axie Infinity tweeting that he was impacted by the attack.

All told, about 3,250 ETH ($9.5 million) was pilfered from Ronin network wallets and sent through the network’s bridge to three separate Ethereum wallets, according to tweets from security firms PeckShield and Webacy.

The ETH was then routed through Tornado Cash, an automated service that mixes together funds from multiple users to make it more difficult to trace where the cryptocurrency ends up.

Jeff “Jiho” Zirlin, co-founder of Ronin and Axie Infinity creator Sky Mavis, tweeted on Thursday night that his personal wallets had been “compromised” in the attack.

This has been a tough morning for me.

Two of my addresses have been compromised.

The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.

Additionally, the leaked keys have nothing to do with Sky Mavis operations.…

— Jihoz.ron 🦌 (@Jihoz_Axie) February 23, 2024

“This has been a tough morning for me. Two of my addresses have been compromised,” he wrote. “The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.”

“Additionally, the leaked keys have nothing to do with Sky Mavis operations. I want to assure everyone that we have strict security measures in place for all chain-related activities,” Zirlin added. “Thank you to everyone that’s reached out. I’m safe. I will get through this.”

Decrypt’s GG reached out to Zirlin and a Sky Mavis representative to confirm the details of the attack, but did not immediately hear back.

#PeckShieldAlert It appears a whale wallet has been compromised, & ~3,248 $ETH (worth ~$9.7m) from the #Ronin Bridge was withdrawn and transferred to #TornadoCash pic.twitter.com/sRK36BQFDu

— PeckShieldAlert (@PeckShieldAlert) February 23, 2024

In a separate tweet, fellow Sky Mavis co-founder Aleksander «Psycheout» Larsen reinforced Zirlin’s comments that the attack had nothing to do with the Ronin Network’s own security, the security of its Ethereum bridge, nor funds from Sky Mavis.

“The bridge has no issue and Ronin is not compromised,” Larsen wrote in reply to a since-deleted tweet. “A wallet has clearly been compromised like what happens on every chain, and the funds are being Tornado Cashed.

“The bridge itself has top security, been through many audits, and goes on pause when too much is being withdrawn,” Larsen added.

The price of Ronin (RON) briefly plunged as the funds were withdrawn from the network. CoinGecko shows that the price immediately dipped from about $3.17 to $2.74, declining by more than 13% in a matter of minutes. It has recovered to $2.97 as of this writing.

The attack on Zirlin’s wallets comes two years after Ronin’s own Ethereum bridge was hacked for $622 million worth of cryptocurrency. The attack was pinned on the infamous North Korean hacker group Lazarus, and blamed on a lack of sufficient decentralization on the Ethereum gaming sidechain at the time.

Authorities later recovered about $30 million worth of cryptocurrency routed through centralized exchanges. Sky Mavis fully refunded all cryptocurrency taken from users during the February 2022 heist.

Edited by Ryan Ozawa.

Source