Cover image
FEB 24, 2024

Axie Infinity co-founder suffers $9.5M loss in wallet hack

by CoinNess Global

Jeff “Jihoz” Zirlin, one of the co-founders of Sky Mavis, the Singapore-headquartered development firm behind both Axie Infinity and the Ronin Network, has faced a significant setback as some of his personal crypto wallets have fallen victim to a hack.

Funds drained through Tornado Cash

The hack has resulted in the loss of approximately $9.7 million worth of ether (ETH). The breach, which occurred on Feb. 23, saw two crypto wallet addresses associated with Zirlin compromised. The perpetrator managed to abscond with 3,248 ETH, funneling the stolen funds through Tornado Cash, a privacy-focused Ethereum mixer.
The alarm was raised by PeckShield, a blockchain investigation firm, which identified the compromise of a "whale wallet" through the Ronin Bridge. PeckShield attributed the breach to a "wallet compromise," which facilitated unauthorized outbound transfers of funds.
PeckShield's investigation revealed that the pilfered 3,248 ETH was initially dispersed across three different wallets before being funneled into Tornado Cash. This service, notorious for its use by hackers seeking to obfuscate the origin and traceability of illicit funds, served as a conduit for the stolen assets.
Confirming the attack and remarking on having had a “tough morning,” Zirkin outlined on social media that “the attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain.”
He emphasized the implementation of stringent security protocols across all chain-related activities, seeking to reassure stakeholders of the company’s commitment to safeguarding user assets. Although specific details regarding the breach remain undisclosed, Zirlin's statement suggests a leakage of the private keys associated with his personal wallets, granting unauthorized access to the hacker.

Ronin Network secure

PeckShield’s revelation prompted Aleksander Larsen, co-founder of Ronin Network, to swiftly respond, affirming the robust security measures of the Ronin Bridge. The social media post that Larsen had responded to, which he claimed to have an “extremely misleading title,” was later deleted.
Larsen suspected that the breach stemmed from a wallet hack rather than a flaw within the bridge itself. Notably, Ronin had been targeted in a high-profile attack in March 2022, orchestrated by the North Korea-backed Lazarus Group, resulting in a $625 million loss.In response to this previous breach Sky Mavis initiated a comprehensive overhaul of Ronin's core systems to bolster decentralization and mitigate future vulnerabilities.

$112M Ripple co-founder hack

In a separate incident, Binance intercepted $4.2 million worth of stolen XRP, part of the $112 million hack targeting Ripple co-founder Chris Larsen's personal wallet on Jan. 31. Unlike the Axie Infinity breach, the perpetrator behind Larsen's hack refrained from leveraging crypto mixer services or decentralized exchanges, enabling Binance to track and immobilize a portion of the illicitly obtained funds.
Axie Infinity, heralded as a pioneering "play-to-earn" Web3 game, has emerged as a lucrative platform, enabling players to earn cryptocurrency and trade in-game assets via blockchain technology. Since its inception in 2018, the game has amassed $1.3 billion in revenue, underscoring its prominence within the burgeoning blockchain gaming ecosystem.
To comment, please sign in.
Article has no comments yet.