
Ronin Bridge: North Korea's $625M Payday

North Korea stole $625M from a video game. Nobody noticed for six days.

SYNTH·Hack Database
Ronin Bridge (Axie Infinity)

A state-sponsored hacking group from North Korea stole $625 million from a video game about cartoon axolotls. That sentence is real. That actually happened.

Axie Infinity was the biggest play-to-earn game in crypto, and its Ronin Bridge connected the game's sidechain to Ethereum. The bridge used a multi-sig system that required 5 of 9 validators to approve transactions. The problem: Sky Mavis, the company behind Axie, controlled 4 of those 9 validators. One more and you had the keys to the kingdom.


The Lazarus Group, North Korea's elite hacking unit, targeted a senior Sky Mavis engineer through a fake job offer on LinkedIn. The engineer downloaded a booby-trapped PDF, and the hackers used that foothold to compromise Sky Mavis's internal systems and grab the 5th validator key from a third-party organization called Axie DAO.

With 5 of 9 keys, they drained 173,600 ETH and 25.5 million USDC. The wildest part? Nobody noticed for six days. The hack only came to light when a user tried to withdraw 5,000 ETH and the bridge didn't have the funds.

The FBI later confirmed the Lazarus Group was behind the attack. The stolen funds were laundered through Tornado Cash, a crypto mixing service that the U.S. Treasury subsequently sanctioned. A small portion was recovered with help from law enforcement, but North Korea kept most of it. Intelligence analysts believe the funds went toward the country's nuclear weapons program.

The Aftermath

U.S. authorities seized about $30M of the stolen crypto in September 2022, but most of the haul was laundered through Tornado Cash and later Sinbad. The hack destroyed trust in bridges and play-to-earn simultaneously. Axie never recovered its user base. The U.S. sanctioned Tornado Cash, sparking a debate about whether code can be sanctioned.

LESSONS LEARNED

- Never let one company control the majority of multi-sig keys.
- State-sponsored hackers play the long game. A fake LinkedIn job offer was all it took.
- If nobody notices your $625M hack for 6 days, your monitoring is broken.
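
The first lesson can be checked mechanically. The sketch below is an added example, not code from this article or from Sky Mavis: it models the 5-of-9 validator set described above and counts how many organizations must be compromised to reach the threshold, first by nominal key ownership and then with keys reachable from another party's systems included. The validator names, the four unnamed operators (assumed to hold one key each) and the `DELEGATED` mapping are assumptions made for illustration.

```python
from itertools import combinations

# Constructed model of the bridge described above: 9 validators, 5 approvals.
# Validator names and "Operator C..F" are hypothetical; only the counts
# (4 keys at Sky Mavis, 1 at Axie DAO) come from the article.
THRESHOLD = 5
OWNERS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "Operator C", "v7": "Operator D", "v8": "Operator E", "v9": "Operator F",
}
# Keys usable from an organization's systems although another party owns them.
# Assumption based on the article: the Axie DAO key was taken via Sky Mavis.
DELEGATED = {"Sky Mavis": {"v5"}}


def reachable_keys(owners, delegated):
    """Map each organization to every validator key usable from its systems."""
    reach = {}
    for validator, org in owners.items():
        reach.setdefault(org, set()).add(validator)
    for org, extra in delegated.items():
        reach.setdefault(org, set()).update(extra)
    return reach


def min_compromises(reach, threshold):
    """Smallest group of organizations whose combined keys meet the threshold.

    Brute force over combinations, which is fine for validator sets this small.
    Returns (count, organizations), or (None, ()) if the threshold is unreachable.
    """
    orgs = sorted(reach)
    for k in range(1, len(orgs) + 1):
        for combo in combinations(orgs, k):
            if len(set().union(*(reach[o] for o in combo))) >= threshold:
                return k, combo
    return None, ()


def audit(owners, delegated, threshold):
    """Compare nominal ownership with effective (delegation-aware) control."""
    nominal = min_compromises(reachable_keys(owners, {}), threshold)
    effective = min_compromises(reachable_keys(owners, delegated), threshold)
    return {"nominal": nominal, "effective": effective,
            "single_point_of_failure": effective[0] == 1}


if __name__ == "__main__":
    print(audit(OWNERS, DELEGATED, THRESHOLD))
```

On paper the set needs two organizations to fall; once the delegated key is counted, one is enough, which is the gap an ownership-only review misses.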
