The co-founder of Axie Infinity and Ronin Network, Jeff “Jihoz” Zirlin, faced a significant setback as hackers targeted two of his crypto wallet addresses, resulting in the theft of approximately $9.7 million worth of ether. The breach, executed via Tornado Cash, saw 3,248 ETH stolen from Zirlin's wallets, prompting blockchain investigator PeckShield to raise the alarm on February 23 regarding a breach in a "whale wallet" on the Ronin Bridge.
Responding swiftly to the incident, Ronin Network co-founder Aleksander Larsen affirmed the robust security measures in place for the Ronin Bridge, attributing the breach to a suspected hacking of the compromised wallet rather than a flaw in the bridge's security architecture. Larsen underscored the bridge's stringent security protocols, highlighting its auditing and surveillance mechanisms, which are designed to flag and suspend unusually large withdrawals.
Zirlin corroborated Larsen's assessment, confirming that the breach stemmed from his personal wallet compromise rather than any vulnerability within the Ronin chain or Sky Mavis operations. Assuring stakeholders, Zirlin reiterated the implementation of strict security protocols across all blockchain-related activities to mitigate such incidents in the future.
PeckShield shed light on the root cause of the hack, identifying a "wallet leak" as the underlying issue leading to unauthorized outbound transfers. While specific details of the breach remain undisclosed, Zirlin's account suggests that the compromise originated from the unauthorized access to his personal crypto wallet, resulting from compromised private keys.
PeckShield's investigation into the compromised wallets revealed that the stolen ETH was funneled into Tornado Cash, a service frequently employed by hackers to obfuscate the ownership and traceability of illicitly acquired funds. This incident underscores the ongoing challenges posed by cyber threats in the crypto space, emphasizing the importance of robust security measures and proactive vigilance to safeguard digital assets and mitigate potential risks.
