Ronin Bridge
HackedInfrastructure · born 2021 · ✝ 2022
Axie Infinity's bridge drained for ~$625M via stolen validator keys.
Ronin was the Ethereum sidechain bridge powering Axie Infinity. North Korea's Lazarus Group compromised validator keys and stole roughly $625M in ETH and USDC, one of the largest crypto hacks ever.
- Peak
- ~$625M stolen
- Cause
- Hacked
- Year of death
- 2022
☠️ Cause of death
Attackers gained control of 5 of 9 validator keys (some via a backdoored partner approval) and signed fraudulent withdrawals; the breach went unnoticed for days.
📓 Lessons left behind
- —Few validators mean a single compromise can be catastrophic.
- —Concentrated key control defeats the point of a bridge.
- —Monitoring for abnormal withdrawals is essential.
🌱 The idea that survived
Decentralized bridge security
Push toward more validators, multisig thresholds, and proof-based bridges to reduce single points of failure.
#bridge#lazarus#exploit