Ronin Network

avoid.net/ronin-network→22/100·93% conf.

[AI-DRAFTED · AWAITING VERIFICATION]

22/100

[CRITICAL]93% conf.

Summary

Ronin Network is an Ethereum sidechain developed by Sky Mavis to support the Axie Infinity play-to-earn game. In March 2022, it suffered the largest cryptocurrency hack in history when attackers — subsequently attributed by the FBI and U.S. Treasury to North Korea's Lazarus Group — exploited compromised validator private keys to drain approximately $625 million in ETH and USDC. A second, smaller exploit occurred in August 2024, though those funds were returned by a white-hat MEV bot operator.

Connected Entities

1 entities

Organizations

□Ronin Network

Relationships

+ 2 more

Have evidence about Ronin Network?

Timeline(12 events)

2021-11-01

Sky Mavis temporarily allowlisted to sign transactions on behalf of the Axie DAO validator to manage transaction volume.

2021-12-01

Temporary delegation program expired, but the Axie DAO validator allowlist entry was never revoked — creating the backdoor later exploited.

2022-03-23

Attackers used compromised Sky Mavis validator keys and the unrevoked Axie DAO RPC backdoor to authorize two fraudulent withdrawals: 173,600 ETH and 25.5 million USDC, totaling approximately $625 million.

2022-03-29

Sky Mavis discovered the hack after a user reported inability to withdraw ~5,000 ETH. The breach had gone undetected for six days. Sky Mavis published a public disclosure.

2022-04-04

Lazarus Group begins routing stolen funds through Tornado Cash; the laundering campaign via the mixer would continue through May 19, 2022, processing approximately $455 million.

2022-04-06

Sky Mavis announced a $150 million fundraising round led by Binance (with a16z, Paradigm, Accel, Dialectic) to reimburse hack victims.

2022-04-14

FBI and U.S. Treasury formally attributed the Ronin hack to Lazarus Group and APT38, linked to the Democratic People's Republic of Korea. OFAC added Lazarus-controlled wallet addresses to its sanctions list.

2022-05-06

OFAC sanctioned cryptocurrency mixer Blender.io for processing $20.5 million in Ronin hack proceeds — the first-ever U.S. sanctions on a crypto mixer.

2022-06-28

Ronin bridge relaunched following audits by Verichains and CertiK, with upgraded validator count (11 nodes), raised threshold (10-of-11 signatures), and a new circuit-breaker system.

2022-08-12

OFAC sanctioned Tornado Cash, citing its role in laundering over $455 million in Ronin hack proceeds among other illicit funds.

2022-09-08

Chainalysis and law enforcement announced the first-ever seizure of cryptocurrency stolen by a North Korean hacking group: approximately $30 million recovered from Ronin hack proceeds.

2024-08-06

Ronin bridge suffered a second exploit: approximately $12 million (4,000 ETH and 2 million USDC) extracted via a smart contract initialization bug. An MEV bot frontran the attacker and returned all funds, receiving a $500,000 white-hat bounty.

Provenance & Audit Trail

Anchored on Solana Verify on-chain

Decision Log

#1publish⛓ anchored · slot 4232104785/30/2026, 6:25:44 PM
hash: 2DPSbkDxUDEX8c6De2iSsgPUL9Cw5UBiN2qYdyK2VeMn

This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

full audit log →version history →

model: claude-sonnet-4-6

generated: 5/30/2026, 6:25:40 PM

last updated: 5/30/2026, 6:25:44 PM

avoid.net — verified advice for a post-truth world