Jeff “Jihoz” Zirlin, a co-founder of Axie Infinity and the Ronin Network, recently fell victim to a major cryptocurrency theft. Hackers compromised two of his crypto wallet addresses, stealing approximately $9.7 million in Ether (ETH). The stolen funds, totaling 3,248 ETH, were then laundered through Tornado Cash, a platform known for its ability to obscure the origins of digital assets.
Immediate Response to the Hack
The breach was first detected by blockchain security firm PeckShield, which noted the large withdrawal from the Ronin Bridge and attributed it to a compromised “whale wallet.” Aleksander Larsen, another co-founder of the Ronin Network, quickly clarified that the breach resulted from a wallet hack rather than a flaw in the Ronin Bridge’s security. He stated that the bridge, having undergone thorough audits, is equipped with mechanisms to halt suspiciously large withdrawals.
Zirlin confirmed the hack of his wallets shortly after, emphasizing that the incident was isolated to his accounts and did not affect the Ronin chain or Sky Mavis’s operations. He reassured the community of the stringent security measures in place for all chain-related activities.
Investigation and Findings
PeckShield concluded that the incident stemmed from a wallet compromise that allowed unauthorized fund transfers from Zirlin’s wallets. The specific circumstances that led to the exposure of the wallet keys remain undisclosed.
The investigation revealed that the hackers initially divided the stolen ETH among three separate wallets before funneling the assets through Tornado Cash. This method is frequently used by cybercriminals to hide the stolen funds’ origins and ownership, making recovery efforts more challenging.
Contrast in Hacker Tactics
Interestingly, the method employed by Zirlin’s hackers contrasts with that of another recent incident involving a co-founder’s wallet. In the latter case, the attackers did not use mixers or decentralized exchanges to conceal their identity, enabling Binance to track and freeze some of the stolen funds.