Two of Jeff “Jihoz” Zirlin’s personal cryptocurrency wallets were compromised, resulting in the theft of approximately $9.7 million worth of Ether.
The breach involved two cryptocurrency wallet addresses associated with Zirlin, a co-founder of Axie Infinity and the Ronin Network. The hacker managed to siphon off the stolen funds, totaling 3,248 ETH, through Tornado Cash.
On February 23, blockchain investigator PeckShield raised an alert regarding a breach in a “whale wallet” via the Ronin Bridge.
Hacked or not hacked? @Ronin_Network
0x73f428e1037a310d472A24100dA37fB1d8dEC8B8
0x39F817976C51A91b60145feBad81067e69713105
0xA4017DE6460bD63a77404dd2C2344D6135eD13b2 https://t.co/WQxaY9n5OR pic.twitter.com/5KURCJAW77
— PeckShieldAlert (@PeckShieldAlert) February 23, 2024
The incident was initially suspected to be a compromise of the Ronin Bridge's security, but Aleksander Larsen, another co-founder of the Ronin Network, clarified that the bridge itself maintained high security standards and suggested a wallet hack instead.
The bridge has no issue and Ronin is not compromised.
Extremely misleading title.
A wallet has clearly been compromised like what happens on every chain, and the funds are being tornado cashed.
The bridge itself has top security, been through many audits and goes on pause when…
— Psycheout.ron (@Psycheout86) February 23, 2024
Larsen emphasized that the Ronin Bridge underwent auditing and was designed to halt operations upon detecting unusually large withdrawals. Subsequently, Zirlin confirmed the compromise of his two personal wallets, asserting that the breach was unrelated to vulnerabilities within the Ronin chain or Sky Mavis operations. He reassured the community of stringent security measures in place for all chain-related activities.
In conversation with Cointelegraph, PeckShield identified the root cause of the breach as a “wallet compromise,” enabling unauthorized outbound fund transfers. Although specific details regarding the breach were not disclosed, Zirlin’s statement implied that the leak of private keys facilitated unauthorized access to his personal cryptocurrency wallets.
PeckShield’s investigation revealed that the stolen 3,248 ETH was initially divided and transferred to three different wallets before ultimately being laundered through Tornado Cash, a service commonly utilized by hackers to obfuscate fund ownership and traceability.
#PeckShieldAlert It appears a whale wallet has been compromised, & ~3,248 $ETH (worth ~$9.7m) from the #Ronin Bridge was withdrawn and transferred to #TornadoCash pic.twitter.com/sRK36BQFDu
— PeckShieldAlert (@PeckShieldAlert) February 23, 2024
In a separate incident on February 1, Binance froze $4.2 million worth of stolen XRP originating from a $112-million hack on Ripple co-founder Chris Larsen’s personal wallet on January 31. Unlike the case of Axie Infinity’s Jihoz, where the hacker utilized crypto mixer services and decentralized exchanges to conceal their identity, Binance was able to trace and block some of the funds accessed by Larsen’s hacker.
After finding out early on about the exploit that occurred at @Ripple, we’re happy to say that the #Binance team has managed to freeze $4.2 Million worth of $XRP stolen by the exploiter.
We appreciate both the communities efforts in flagging it to exchanges – as always @zachxbt…
— Richard Teng (@_RichardTeng) February 1, 2024