Ronin Network (Bridge): Compromised Validator Keys + Unrevoked Whitelist Access
Lazarus Group stole $624M from Ronin Bridge by compromising 4 Sky Mavis validator keys and leveraging a 4-month-old unrevoked whitelist to obtain the 5th signature — and nobody noticed for 6 days.
Summary
Ronin Network (Bridge) suffered a Bridge / Gaming Infrastructure incident on 2022-03-29, resulting in a loss of approximately $624M.
Linked factors
- RD-F-007 — related: Bug bounty absent — baseline integrity gap [via dashboard_risk_factors/Bug bounty: Unknown]