Ronin Bridge Hack (2022).

A March 2022 attack on the Ronin Network bridge that drained ~$625 million in ETH and USDC — at the time the largest crypto bridge hack ever — attributed to North Korea's Lazarus Group via compromise of validator keys. It belongs to the Web3 & Blockchain category of cybersecurity.

A March 2022 attack on the Ronin Network bridge that drained ~$625 million in ETH and USDC — at the time the largest crypto bridge hack ever — attributed to North Korea's Lazarus Group via compromise of validator keys.

The Ronin Network bridge was the cross-chain bridge supporting Axie Infinity, the popular play-to-earn game built by Sky Mavis on the Ronin sidechain. On 23 March 2022 attackers withdrew 173,600 ETH and 25.5 million USDC (~US $625 million) from the bridge in two transactions. The bridge required signatures from 5 of 9 validator nodes to authorize withdrawals; investigators found that the attackers had compromised four Sky Mavis-controlled validator keys, plus a fifth controlled by the Axie DAO that Sky Mavis had been temporarily authorized to sign on behalf of months earlier — leaving the bridge with only one effective signer. Compromise was achieved via a spear-phishing PDF sent to a Sky Mavis engineer that delivered a backdoor on the engineer's machine. The U.S. Treasury OFAC and Chainalysis attributed the attack to North Korea's Lazarus Group (APT38). The Ronin incident reshaped Web3 security thinking: bridge designs concentrated trust in small validator sets are catastrophic single-points-of-failure, and even social-engineering-grade attacks on a single engineer can have nine-figure consequences.

Defences for Ronin Bridge Hack (2022) typically combine technical controls and operational practices, as detailed in the full definition above.

Common alternative names include: Axie Infinity hack, Sky Mavis Ronin breach.