Ronin Co-founder Zirlin Claims he Lost $9.7M to Wallet Hack

Ronin and Axie Infinity co-founder Jeff “Jihoz” Zirlin has claimed that two of his wallets have been hacked and about $9.7 million worth of Ethereum stolen.

The funds from the compromised wallets from Ronin Bridge v2 were initially split and moved to three different ones. They were then routed through Tornado Cash Mixer, a move to obscure the ownership and traceability of the funds.

Ronin Bridge Remains Unaffected

On-chain analyst Lookonchain alerted on a hacker attacking Zirlin’s two wallets, compromising 3.2 million RON, 282.32 WETH, 160,000 PIXEL, 2.76M SLP, 2,042 USDC, and 164 AXS. The perpetrator then exchanged the assets for 3,249 ETH and deposited them on Tornado.

A hacker attacked 2 wallets of @Jihoz_Axie and stole $10.46M assets, including:

3.2M $RON ($9.53M)
282.32 $WETH ($834K)
160K $PIXEL ($87K)
2.76M $SLP ($10K)
2,042 $USDC
164 $AXS ($1,272)

All assets were exchanged for 3,249 $ETH ($9.6M) and deposited into #TornadoCash . pic.twitter.com/BUe8V3q3er

— Lookonchain (@lookonchain) February 23, 2024

Zirlin took to X to confirm the hack, saying it was a tough morning for him, having two of his addresses compromised. He explained that the attack was on his accounts and had nothing to do with the Ronin Chain’s operations and validation. He then assured his followers that he was safe and would get through the situation.

This has been a tough morning for me.

Two of my addresses have been compromised.

The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.

Additionally, the leaked keys have nothing to do with Sky Mavis operations.…

— Jihoz.ron 🦌 (@Jihoz_Axie) February 23, 2024

While the hacker compromised Zirlin’s wallet, Aleksander Larsen, one of the Ronin co-founders, assured that the Ronin Bridge had not been compromised.

Larsen explained that the Ronin Bridge had been audited and equipped with a safety mechanism to pause operations in the event of an unusually large withdrawal. In addition, he said the attack was not caused by vulnerabilities within Sky Mavis operations or the Ronin chain.

According to blockchain investigator PeckShield, the hack was caused by a “wallet compromise” whereby the hacker could transfer funds unauthorized.

Ronin’s $625M Hack

The Zirlin wallet attack comes two years after a major Ronin hack in which its Ethereum bridge was breached. The bad actors managed to take off with $625 million worth of cryptocurrency.

The incident was attributed to the notorious North Korean hacker group Lazarus. Notably, its cause was linked to inadequate decentralization within the Ethereum gaming sidechain at that period.

Subsequently, authorities managed to recover approximately $30 million in cryptocurrency channeled through centralized exchanges. Sky Mavis then announced that it would ensure all affected users were fully compensated for their lost crypto.

Meanwhile, Ripple co-founder Chris Larsen’s wallet was hacked on February 1. Binance managed to freeze the $4.2 million worth of XRP stolen in the $112 million hack. Unlike Zirlin’s hacker, the Larsen hacker did not use a crypto mixer like Tornado. Hence, Binance could trace and block some of the stolen funds.