In brief

  • The bridge that connects NFT game Axie Infinity’s Ronin sidechain to the Ethereum mainnet is back online.
  • It was taken down in late March after $622 million worth of crypto assets (at the time of disclosure) were stolen through an exploit.

Axie Infinity, the most successful NFT-based video game in terms of total trading volume, suffered one of the largest DeFi hacks of all time in March. Now, the exploited bridge that connects the game’s sidechain to Ethereum has been restored.

Today, Axie Infinity developer Sky Mavis announced that the Ronin bridge is finally back online, almost three months to the day since the studio disclosed the hack. Users can now make deposits to—and withdrawals from—the Ronin network.

The bridge, which allows users to transfer assets between the Ronin sidechain and Ethereum’s mainnet, was hacked on March 23, with the attackers taking 173,600 ETH and 25.5 million USDC stablecoin in the process.

Collectively, the assets were worth about $552 million at the time of the attack, and $622 million by the time that Sky Mavis revealed the exploit on March 29. (Currently, following a wider cryptocurrency market decline, those assets are worth about $232 million.)

In April, the United States Treasury connected the Ronin bridge attack to the Lazarus Group, an infamous North Korean state-sponsored group of hackers. Lazarus had previously been tied to the 2017 WannaCry ransomware attack, 2014’s Sony Pictures hack, and other exploits.

Last week, Sky Mavis announced plans to relaunch the Ronin bridge, revealing that a hard fork of the network was required to resume functionality. In other words, all Ronin validators had to update their software to enable the restart. The firm conducted an internal audit of the code, along with external audits from both Verichains and Certik.

Ronin users who had funds stolen in the attack have been refunded, Sky Mavis announced. “All users have been made whole,” the firm wrote in a blog post today.

According to the post, 56,000 ETH belonged to the Axie DAO, or decentralized autonomous organization, and those community funds will remain unaccounted for as Sky Mavis works with law enforcement to try and recover those assets. If the funds are not recovered within two years, then the Axie DAO will vote on what to do with its treasury.

Another 46,000 ETH from the total was already withdrawn from Ronin via a separate bridge that cryptocurrency exchange Binance launched in April. That leaves a total of 117,600 ETH and 25.5 million USDC that Sky Mavis has refunded to affected users, with those assets worth about $165 million at present.

Sky Mavis raised $150 million in additional funding in April to help deal with fallout from the Ronin bridge attack. The round was led by Binance, alongside Andreessen Horowitz and others.

The Axie Infinity creator admitted that the Ronin bridge had been vulnerable due to insufficient decentralization, with the firm itself controlling nearly half of the validators that approved transactions. Ultimately, the attacker was able to access five of the nine total validators through “hacked private keys,” the firm said, and sign transactions to steal the funds.

Sky Mavis planned to incorporate additional community validators for Ronin, with investor Animoca Brands planning to operate one. In today’s post, the studio also said that it’s implemented a “circuit breaker” mechanism that brings human oversight to large-scale transactions, as well as an overall daily withdrawal limit for the Ronin bridge.
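
The weakness and the two safeguards described above can be modelled in a few lines. This is an added example, not Sky Mavis code: the validator names, the four-of-nine split standing in for "nearly half," and both limit values are assumptions made for illustration.

```python
from collections import Counter

THRESHOLD = 5          # signatures required: five of nine, as in the article
REVIEW_LIMIT = 1_000   # assumed value (ETH): larger withdrawals wait for human review
DAILY_LIMIT = 5_000    # assumed value (ETH): most the bridge releases in one day

# Constructed validator set (id -> operator). "Nearly half" run by one firm
# is modelled here as four of the nine.
VALIDATORS = {f"v{i}": "firm" for i in range(1, 5)}
VALIDATORS.update({f"v{i}": f"community_{i}" for i in range(5, 10)})


def operators_to_reach(threshold, validators):
    """Fewest distinct operators whose validators together meet the threshold."""
    total = 0
    ranked = Counter(validators.values()).most_common()
    for n, (_, count) in enumerate(ranked, start=1):
        total += count
        if total >= threshold:
            return n
    return None  # threshold exceeds the validator count


class BridgeGuard:
    def __init__(self):
        self.released_today = 0
        self.held = []  # withdrawals waiting for human review

    def withdraw(self, amount, signers):
        valid = {s for s in signers if s in VALIDATORS}  # dedupe, drop unknown ids
        if len(valid) < THRESHOLD:
            return "rejected: quorum"
        if self.released_today + amount > DAILY_LIMIT:
            return "rejected: daily limit"
        if amount > REVIEW_LIMIT:
            self.held.append(amount)
            return "held: human review"
        self.released_today += amount
        return "released"

    def approve(self, index):
        """A reviewer releases a held withdrawal; the daily cap still applies."""
        amount = self.held[index]
        if self.released_today + amount > DAILY_LIMIT:
            return "rejected: daily limit"
        self.held.pop(index)
        self.released_today += amount
        return "released"
```

With this constructed set, `operators_to_reach(5, VALIDATORS)` returns 2: a five-signature threshold depends on only two independent parties, whereas nine separately operated validators would require five.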

Aside from the hack in March, Axie Infinity has lost significant momentum since late 2021, with NFT trading volume and game token prices both cratering.

The play-to-earn game has seen less than $3.5 million worth of NFT trading over the past 30 days, per data from CryptoSlam, less than a year after hitting a monthly peak of $848 million last August. The AXS governance token is down 91% from its peak price, meanwhile, with the SLP reward token down 99% from its own all-time high.
