Cyber Incident Victim: Ronin

Date: Mar 2022

Location: Viet Nam

Summary

A hacker stole approximately $620 million in Ethereum and USDC tokens from a blockchain bridge supporting a popular gaming platform, exploiting compromised validator nodes to authorize fraudulent withdrawals. The attacker gained control of five required signatures—four from the platform’s own validators and one from a third-party partner—by abusing a gas-free RPC node vulnerability. The breach went undetected for nearly a week until a user’s withdrawal attempt failed, prompting an investigation. Most stolen assets remained in the attacker’s wallet, though some funds were moved to exchanges. The platform secured remaining tokens, shut down critical services, and collaborated with law enforcement and forensic experts to recover user funds, marking the largest known cryptocurrency theft at the time.

Description

On March 29, 2022, Sky Mavis disclosed that the bridge of its Ronin Network, an Ethereum sidechain facilitating transactions for the Axie Infinity game, had suffered a major security breach resulting in the theft of approximately $620 million in cryptocurrency. The attack occurred on March 23, when an unauthorized actor exploited the network's validator node system to steal 173,600 Ethereum and 25.5 million USDC tokens through two transactions. Ronin's bridge required five out of nine validator signatures to authorize withdrawals, and the attacker gained control of four validator nodes operated by Sky Mavis along with a fifth validator node managed by third-party organization Axie DAO. This compromise was achieved by exploiting a backdoor in Sky Mavis's gas-free RPC node, which enabled the attacker to obtain the Axie DAO validator signature. The breach remained undetected for nearly six days, until March 29, when it was discovered only after a user attempted to withdraw 5,000 Ethereum and found the bridge non-functional.

Sky Mavis immediately responded by shutting down both the Ronin Bridge and Katana Dex platform to contain further damage while launching an investigation. The company confirmed that while AXS, RON, and SLP tokens on Ronin remained secure, all Ethereum and USDC deposits had been stolen. Most stolen funds remained in the attacker's Ethereum wallet at the time of disclosure, though some Ethereum had been transferred to multiple external addresses and cryptocurrency exchanges. Sky Mavis collaborated with law enforcement agencies, forensic cryptographers, and investors to trace the stolen assets and prevent user fund losses, declaring this their highest priority. The incident surpassed the August 2021 Poly Network hack as the largest cryptocurrency theft in history, significantly disrupting operations for Axie Infinity's ecosystem and highlighting critical vulnerabilities in cross-chain bridge security architectures.
