The co-founder of Axie Infinity, Jeff “Jihoz” Zirlin, was targeted by hackers who managed to steal 3248 ETH worth $9.7 million from the compromised wallets.
The stolen funds were then siphoned off by the hackers using Tornado Cash.
Axie Infinity Co-Founder Targeted
The details of the hack were revealed by blockchain security firm PeckShield, which posted information on a whale wallet compromise on the Ronin Bridge, stating that the hacker made off with 3248 ETH.
“It appears a whale wallet has been compromised, & ~3,248 $ETH (worth ~$9.7m) from the #Ronin Bridge was withdrawn and transferred to #TornadoCash.”
To this post, Aleksander Larsen, the co-founder of the Ronin Network, responded that the Ronin Bridge has top security in place and suspected that a wallet hack had occurred.
“The bridge has no issue, and Ronin is not compromised—extremely misleading title. A wallet has clearly been compromised, like what happens on every chain, and the funds are being tornado-cashed. The bridge itself has top security, been through many audits and goes on pause when too much is being withdrawn.”
Larsen highlighted that the Ronin Bridge had been audited several times and was designed to pause if an unusually large withdrawal was detected.
Zirlin Confirms Losses
Soon after the exchange, the Axie Infinity co-founder confirmed the hack, stating that two of his personal wallets had been compromised. He clarified that the hack did not result from any vulnerability within Sky Mavis or the Ronin Chain.
“This has been a tough morning for me. Two of my addresses have been compromised. The attack is limited to my personal accounts and has nothing to do with the validation or operations of the Ronin chain. Additionally, the leaked keys have nothing to do with Sky Mavis operations. I want to assure everyone that we have strict security measures in place for all chain-related activities. Thank you to everyone that’s reached out. I’m safe.”
PeckShield stated that the root cause of the hack was a wallet compromise that allowed the unauthorized transfer of funds from the wallet. It is still unclear how the hackers managed to gain control of the two wallets in question.
Stolen Funds Laundered
PeckShield investigated the compromised wallets, revealing that the stolen funds were split and moved into three different wallets. The funds eventually made their way to Tornado Cash, a service that is a favorite among hackers to anonymize the fund’s ownership and traceability.
Others, such as Ripple co-founder Chris Larsen, have also fallen victim to similar hacks when his wallet was compromised. However, Binance was able to track and freeze a part of the stolen funds. This was because Larsen’s hackers did not use crypto mixer services or decentralized exchanges to hide their identity.
“After finding out early on about the exploit that occurred at @Ripple, we’re happy to say that the #Binance team has managed to freeze $4.2 Million worth of $XRP stolen by the exploiter. We appreciate both the communities efforts in flagging it to exchanges – as always, @zachxbt
did a great job – and the Ripple team’s work in collaborating with us. We will continue to support Ripple in their investigations and efforts to retrieve the funds, including closely monitoring the majority of funds still in the exploiter’s external wallets in case they deposit to Binance.”
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
Source: https://cryptodaily.co.uk/2024/02/97m-stolen-from-axie-infinity-co-founders-personal-wallets