Skip to main content
Sign in
Ronin Network1 decision on this page

Audit log

Every state-changing event for Ronin Network: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-30 18:25:44Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 423,210,478
    sig
    nTup89aBsGnM…GCuqXnw3explorer ↗
    hash
    2DPSbkDxUDEX…dyK2VeMnsha256 → base58
    verifying row…full verify ↗
    canonical bytes (7529 B) ▸
    {"actor":"system:backfill","investigation_id":"640262a4-4f8d-4af2-b253-c0f6b7bd33d7","kind":"publish","page_slug":"ronin-network","published_at":"2026-05-30T18:25:44.049Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Ronin Network","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2022/03/29/axie-infinitys-ronin-network-suffers-625m-exploit","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/more-than-625-million-stolen-in-defi-hack-of-ronin-network","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022","type":"other","url":""},{"credibility":3,"name":"https://roninchain.com/blog/posts/community-alert-ronin-validators-6513cc78a5edc1001b03c366","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-ronin-network-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.bleepingcomputer.com/news/security/fbi-links-largest-crypto-hack-ever-to-north-korean-hackers/","type":"other","url":""},{"credibility":3,"name":"https://www.cnbc.com/2022/04/15/ronin-hack-north-korea-linked-to-615-million-crypto-heist-us-says.html","type":"other","url":""},{"credibility":3,"name":"https://www.siliconrepublic.com/enterprise/crypto-hack-north-korea-lazarus-us-ronin-axie-infinity","type":"other","url":""},{"credibility":3,"name":"https://www.justice.gov/archives/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/axie-infinity-ronin-bridge-dprk-hack-seizure/","type":"other","url":""},{"credibility":3,"name":"https://home.treasury.gov/news/press-releases/jy0916","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/crypto-mixer-sanctioned-by-us-treasury-for-role-in-axie-infinity-hack","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/tornado-cash-ofac-designation-sanctions/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/04/06/sky-mavis-raises-150m-round-led-by-binance-to-reimburse-ronin-attack-victims","type":"other","url":""},{"credibility":3,"name":"https://techcrunch.com/2022/04/06/axie-infinity-creator-raises-150m-round-to-compensate-victims-of-625m-ronin-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/axie-infinity-ronin-bridge-dprk-hack-seizure/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blockonomi.com/axie-infinitys-ronin-bridge-audited-relaunched-after-hack/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/ronin-network-reveals-new-validators-count-and-relaunch-date-after-620m-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-network-hack-august-2024","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/243343/ronin-gaming-network-recovers-swiped-ethereum-12-million-attack","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/ronin-bridge-exploit-mev/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.alixpartners.com/insights/102hntj/a-bridge-too-far-largest-ever-crypto-hack-highlights-the-impact-on-users-and-the/","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/blockchains/ronin-returns-to-ethereum-while-tvl-remains-95-below-2022-bridge-hack-level","type":"other","url":""},{"credibility":3,"name":"https://grvt.io/blog/crypto-history-ronin-bridge-hack/","type":"other","url":""}]}],"sources_used":[],"summary":"Ronin Network is an Ethereum sidechain developed by Sky Mavis to support the Axie Infinity play-to-earn game. In March 2022, it suffered the largest cryptocurrency hack in history when attackers — subsequently attributed by the FBI and U.S. Treasury to North Korea's Lazarus Group — exploited compromised validator private keys to drain approximately $625 million in ETH and USDC. A second, smaller exploit occurred in August 2024, though those funds were returned by a white-hat MEV bot operator.","timeline":[{"date":"2021-11-01","event":"Sky Mavis temporarily allowlisted to sign transactions on behalf of the Axie DAO validator to manage transaction volume.","source":""},{"date":"2021-12-01","event":"Temporary delegation program expired, but the Axie DAO validator allowlist entry was never revoked — creating the backdoor later exploited.","source":""},{"date":"2022-03-23","event":"Attackers used compromised Sky Mavis validator keys and the unrevoked Axie DAO RPC backdoor to authorize two fraudulent withdrawals: 173,600 ETH and 25.5 million USDC, totaling approximately $625 million.","source":""},{"date":"2022-03-29","event":"Sky Mavis discovered the hack after a user reported inability to withdraw ~5,000 ETH. The breach had gone undetected for six days. Sky Mavis published a public disclosure.","source":""},{"date":"2022-04-04","event":"Lazarus Group begins routing stolen funds through Tornado Cash; the laundering campaign via the mixer would continue through May 19, 2022, processing approximately $455 million.","source":""},{"date":"2022-04-06","event":"Sky Mavis announced a $150 million fundraising round led by Binance (with a16z, Paradigm, Accel, Dialectic) to reimburse hack victims.","source":""},{"date":"2022-04-14","event":"FBI and U.S. Treasury formally attributed the Ronin hack to Lazarus Group and APT38, linked to the Democratic People's Republic of Korea. OFAC added Lazarus-controlled wallet addresses to its sanctions list.","source":""},{"date":"2022-05-06","event":"OFAC sanctioned cryptocurrency mixer Blender.io for processing $20.5 million in Ronin hack proceeds — the first-ever U.S. sanctions on a crypto mixer.","source":""},{"date":"2022-06-28","event":"Ronin bridge relaunched following audits by Verichains and CertiK, with upgraded validator count (11 nodes), raised threshold (10-of-11 signatures), and a new circuit-breaker system.","source":""},{"date":"2022-08-12","event":"OFAC sanctioned Tornado Cash, citing its role in laundering over $455 million in Ronin hack proceeds among other illicit funds.","source":""},{"date":"2022-09-08","event":"Chainalysis and law enforcement announced the first-ever seizure of cryptocurrency stolen by a North Korean hacking group: approximately $30 million recovered from Ronin hack proceeds.","source":""},{"date":"2024-08-06","event":"Ronin bridge suffered a second exploit: approximately $12 million (4,000 ETH and 2 million USDC) extracted via a smart contract initialization bug. An MEV bot frontran the attacker and returned all funds, receiving a $500,000 white-hat bounty.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 662fb3dc-cffb-4927-aca3-5fec51e2f44a
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.