Axie Infinity Developers ‘Made Some Trade-offs’ That Enabled $625M Ronin Breach

The game’s creator, Sky Mavis, has raised $150 million to reimburse users affected by the theft

article-image

Blockworks Exclusive art by axel rangel

share

key takeaways

  • Hackers breached the Ronin Network for over $625 million on March 29
  • On Wednesday, Binance said that it has fully resumed withdrawals and deposits on the Ronin Network

A week after one of the largest cryptocurrency hacks to date — a $625 million breach on the Ronin Network bridge — Sky Mavis, the company that built it, acknowledged that its haste to grow the platform’s user base may have caused it to cut corners on security.

The Ronin Network is an Ethereum-linked sidechain used for blockchain game Axie Infinity. The bridge connecting it to the Ethereum mainnet was exploited, and an attacker drained 25.5 million USDC and 173,600 ETH on March 29, totaling about $625 million.

“While racing for mainstream adoption, we made some trade-offs that ended up leaving us vulnerable to this sort of attack,” Axie Infinity said in a blogpost. “It’s a lesson that we’ve learned the hard way.”

Sky Mavis announced a $150 million raise, led by Binance, to reimburse affected users. Other contributors to the round include Paradigm, Animoca Brands, Dialectic, Accel and Andreesen Horowitz.

“Sky Mavis is committed to reimbursing all of our users’ lost funds and implementing rigorous internal security measures to prevent future attacks,” Trung Nguyen, chief executive of Sky Mavis, said in the Wednesday statement.

On Wednesday, Binance said that it has fully resumed withdrawals and deposits on the Ronin Network after suspending them last week.

“In order for the global ecosystem to continue thriving and maturing, it is imperative that we work together, especially when it comes to security, which is our strong suit,” Changpeng “CZ” Zhao, chief executive of Binance, said in a statement.

Of the stolen ether, more than 170,000 ETH remains in the attacker’s wallet, and thousands of ETH have been transferred to Tornado Cash, a privacy tool for Ethereum.

“Sky Mavis’ Ronin chain currently consists of 9 validator nodes. In order to recognize a Deposit event or a Withdrawal event, five out of the nine validator signatures are needed,” per the breach’s announcement. “The attacker managed to get control over Sky Mavis’s four Ronin Validators and a third-party validator run by Axie DAO.”

The Ronin Network bridge will reopen, Sky Mavis said, once it has undergone significant audits and security upgrades, which can take several weeks.

Among the security improvements, Sky Mavis will increase the validator group to 21 validators within the next three months, which will be split among various stakeholders including partners, community members and long-term allies.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research

article-image

Tariff front-running may have caused an artificial bounce in economic data earlier this year

article-image

Waka Flocka Flame-linked BaseDrop is raising some eyebrows

article-image

IPO’ing onchain, Ethereum scaling, and using AI for ZK

article-image

A Brexit-themed celebration of Bitcoin’s catchphrases

article-image

Judge Analisa Torres said the parties have not demonstrated that vacating her prior ruling is in the best interest of the public

article-image

Prediction markets have found a mainstream fit