Verify a decision

{"actor":"system:backfill","investigation_id":"640262a4-4f8d-4af2-b253-c0f6b7bd33d7","kind":"publish","page_slug":"ronin-network","published_at":"2026-05-30T18:25:44.049Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Ronin Network","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/tech/2022/03/29/axie-infinitys-ronin-network-suffers-625m-exploit","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/more-than-625-million-stolen-in-defi-hack-of-ronin-network","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022","type":"other","url":""},{"credibility":3,"name":"https://roninchain.com/blog/posts/community-alert-ronin-validators-6513cc78a5edc1001b03c366","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/hack-track-analysis-of-ronin-network-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.bleepingcomputer.com/news/security/fbi-links-largest-crypto-hack-ever-to-north-korean-hackers/","type":"other","url":""},{"credibility":3,"name":"https://www.cnbc.com/2022/04/15/ronin-hack-north-korea-linked-to-615-million-crypto-heist-us-says.html","type":"other","url":""},{"credibility":3,"name":"https://www.siliconrepublic.com/enterprise/crypto-hack-north-korea-lazarus-us-ronin-axie-infinity","type":"other","url":""},{"credibility":3,"name":"https://www.justice.gov/archives/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.chainalysis.com/blog/axie-infinity-ronin-bridge-dprk-hack-seizure/","type":"other","url":""},{"credibility":3,"name":"https://home.treasury.gov/news/press-releases/jy0916","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/crypto-mixer-sanctioned-by-us-treasury-for-role-in-axie-infinity-hack","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/tornado-cash-ofac-designation-sanctions/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.coindesk.com/business/2022/04/06/sky-mavis-raises-150m-round-led-by-binance-to-reimburse-ronin-attack-victims","type":"other","url":""},{"credibility":3,"name":"https://techcrunch.com/2022/04/06/axie-infinity-creator-raises-150m-round-to-compensate-victims-of-625m-ronin-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.chainalysis.com/blog/axie-infinity-ronin-bridge-dprk-hack-seizure/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://blockonomi.com/axie-infinitys-ronin-bridge-audited-relaunched-after-hack/","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/ronin-network-reveals-new-validators-count-and-relaunch-date-after-620m-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-hack-march-2022","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-ronin-network-hack-august-2024","type":"other","url":""},{"credibility":3,"name":"https://decrypt.co/243343/ronin-gaming-network-recovers-swiped-ethereum-12-million-attack","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/ronin-bridge-exploit-mev/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.alixpartners.com/insights/102hntj/a-bridge-too-far-largest-ever-crypto-hack-highlights-the-impact-on-users-and-the/","type":"other","url":""},{"credibility":3,"name":"https://thedefiant.io/news/blockchains/ronin-returns-to-ethereum-while-tvl-remains-95-below-2022-bridge-hack-level","type":"other","url":""},{"credibility":3,"name":"https://grvt.io/blog/crypto-history-ronin-bridge-hack/","type":"other","url":""}]}],"sources_used":[],"summary":"Ronin Network is an Ethereum sidechain developed by Sky Mavis to support the Axie Infinity play-to-earn game. In March 2022, it suffered the largest cryptocurrency hack in history when attackers — subsequently attributed by the FBI and U.S. Treasury to North Korea's Lazarus Group — exploited compromised validator private keys to drain approximately $625 million in ETH and USDC. A second, smaller exploit occurred in August 2024, though those funds were returned by a white-hat MEV bot operator.","timeline":[{"date":"2021-11-01","event":"Sky Mavis temporarily allowlisted to sign transactions on behalf of the Axie DAO validator to manage transaction volume.","source":""},{"date":"2021-12-01","event":"Temporary delegation program expired, but the Axie DAO validator allowlist entry was never revoked — creating the backdoor later exploited.","source":""},{"date":"2022-03-23","event":"Attackers used compromised Sky Mavis validator keys and the unrevoked Axie DAO RPC backdoor to authorize two fraudulent withdrawals: 173,600 ETH and 25.5 million USDC, totaling approximately $625 million.","source":""},{"date":"2022-03-29","event":"Sky Mavis discovered the hack after a user reported inability to withdraw ~5,000 ETH. The breach had gone undetected for six days. Sky Mavis published a public disclosure.","source":""},{"date":"2022-04-04","event":"Lazarus Group begins routing stolen funds through Tornado Cash; the laundering campaign via the mixer would continue through May 19, 2022, processing approximately $455 million.","source":""},{"date":"2022-04-06","event":"Sky Mavis announced a $150 million fundraising round led by Binance (with a16z, Paradigm, Accel, Dialectic) to reimburse hack victims.","source":""},{"date":"2022-04-14","event":"FBI and U.S. Treasury formally attributed the Ronin hack to Lazarus Group and APT38, linked to the Democratic People's Republic of Korea. OFAC added Lazarus-controlled wallet addresses to its sanctions list.","source":""},{"date":"2022-05-06","event":"OFAC sanctioned cryptocurrency mixer Blender.io for processing $20.5 million in Ronin hack proceeds — the first-ever U.S. sanctions on a crypto mixer.","source":""},{"date":"2022-06-28","event":"Ronin bridge relaunched following audits by Verichains and CertiK, with upgraded validator count (11 nodes), raised threshold (10-of-11 signatures), and a new circuit-breaker system.","source":""},{"date":"2022-08-12","event":"OFAC sanctioned Tornado Cash, citing its role in laundering over $455 million in Ronin hack proceeds among other illicit funds.","source":""},{"date":"2022-09-08","event":"Chainalysis and law enforcement announced the first-ever seizure of cryptocurrency stolen by a North Korean hacking group: approximately $30 million recovered from Ronin hack proceeds.","source":""},{"date":"2024-08-06","event":"Ronin bridge suffered a second exploit: approximately $12 million (4,000 ETH and 2 million USDC) extracted via a smart contract initialization bug. An MEV bot frontran the attacker and returned all funds, receiving a $500,000 white-hat bounty.","source":""}]},"v":1}