{
	"id": "1f1b6dea-a886-4b96-b5c6-4917528cd2d3",
	"created_at": "2026-04-29T08:22:20.482881Z",
	"updated_at": "2026-04-29T10:42:13.000486Z",
	"deleted_at": null,
	"sha1_hash": "1a6d8ad11e92c528de3cc8affab25858d6e608ff",
	"title": "A hacker stole $625 million from the blockchain behind NFT game Axie Infinity",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46766,
	"plain_text": "A hacker stole $625 million from the blockchain behind NFT game\r\nAxie Infinity\r\nBy Adi Robertson, Corin Faife\r\nPublished: 2022-03-29 · Archived: 2026-04-29 07:15:39 UTC\r\nRoughly $625 million worth of cryptocurrency has been stolen from Ronin, the blockchain underlying popular\r\ncrypto game Axie Infinity. Ronin and Axie Infinity operator Sky Mavis revealed the breach on Tuesday and froze\r\ntransactions on the Ronin bridge, which allows depositing and withdrawing funds from the company’s blockchain.\r\nSky Mavis says it’s working with law enforcement to recover 173,600 Ethereum (currently worth around $600\r\nmillion) and 25.5 million USDC (a cryptocurrency pegged to the US dollar) from the culprit, who withdrew it\r\nfrom the network on March 23rd. The attack focused on the bridge to Sky Mavis’ Ronin blockchain, an\r\nintermediary between Axie Infinity and other cryptocurrency blockchains like Ethereum. Users could deposit\r\nEthereum or USDC to Ronin, then purchase non-fungible token items or in-game currency, or they could sell their\r\nin-game assets and withdraw the money.\r\nAccording to Sky Mavis, an attacker used hacked private security keys to compromise the network nodes that\r\nvalidate transfers to and from the Ronin blockchain. That let the attacker quietly withdraw large quantities of\r\nEthereum and USDC. The transfer was discovered today — nearly a week later — when another user attempted to\r\nwithdraw 5,000 Ethereum through the bridge.\r\n“As we’ve witnessed, Ronin is not immune to exploitation”\r\nSky Mavis says the “axie” NFT tokens players must buy to access Axie Infinity haven’t been compromised, nor\r\nhave the SLP and AXS in-game cryptocurrencies used in battling and breeding the pokémon-like cartoon axolotls.\r\n(Disclosure: Adi purchased three axies for a total of $105 last month in order to report on the game; axies\r\ncurrently sell starting at around $25 apiece.) 
But the freezing of withdrawals and deposits effectively locks out\r\nmany new players, and the hack leaves the fate of other user funds on the Ronin blockchain in question. Sky\r\nMavis says it’s “working with law enforcement officials, forensic cryptographers, and our investors to make sure\r\nthere is no loss of user funds,” calling that its “top priority.”\r\nValidator nodes are a feature of proof-of-stake blockchains like Ronin, which are less energy intensive than proof-of-work systems like Bitcoin and Ethereum. The nodes review new transactions to confirm that their inputs and\r\noutputs match and that authorization signatures are valid, rejecting any transactions that don’t conform. Using a\r\nsmaller number of nodes is faster and more efficient — but as the hack shows, it can create security risks if a\r\nmajority of the nodes are compromised. It’s a potential vulnerability for blockchains that are touted as both\r\ncheaper and more environmentally friendly than Ethereum.\r\nValidator nodes are a key feature of less energy-intensive blockchains\r\nAccording to Sky Mavis, the Ronin attack was possible partly because of a shortcut the company had taken to\r\nrelieve an “immense user load” on its network in November of last year — months after the game exploded in\r\npopularity in the Philippines and other countries where players relied on it as a full-time job. The system was\r\ndiscontinued in December, but the permissions that allowed it were never revoked. In addition to compromising\r\nfour of Sky Mavis’ own nodes, the attacker exploited them to get access to one managed by the community-owned\r\nAxie DAO. 
After compromising five of the nine validator nodes, the attacker could effectively override any\r\ntransaction security and withdraw whatever funds they liked.\r\nSky Mavis says it will increase the required number of nodes to eight for transactions, and it will reopen the Ronin\r\nbridge “at a later date” once it’s certain no more funds can be drained. For now, the Ronin breach appears to be the\r\nlargest hack to date of “decentralized finance” networks, coming on the heels of a $322 million theft from the\r\nbridge protocol Wormhole last month.\r\n“As we’ve witnessed, Ronin is not immune to exploitation and this attack has reinforced the importance of\r\nprioritizing security, remaining vigilant, and mitigating all threats,” the company said in its announcement. “We\r\nknow trust needs to be earned and are using every resource at our disposal to deploy the most sophisticated\r\nsecurity measures and processes to prevent future attacks.”\r\nSource: https://www.theverge.com/2022/3/29/23001620/sky-mavis-axie-infinity-ronin-blockchain-validation-defi-hack-nft",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.theverge.com/2022/3/29/23001620/sky-mavis-axie-infinity-ronin-blockchain-validation-defi-hack-nft"
	],
	"report_names": [
		"sky-mavis-axie-infinity-ronin-blockchain-validation-defi-hack-nft"
	],
	"threat_actors": [],
	"ts_created_at": 1777450940,
	"ts_updated_at": 1777459333,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1a6d8ad11e92c528de3cc8affab25858d6e608ff.pdf",
		"text": "https://archive.orkl.eu/1a6d8ad11e92c528de3cc8affab25858d6e608ff.txt",
		"img": "https://archive.orkl.eu/1a6d8ad11e92c528de3cc8affab25858d6e608ff.jpg"
	}
}