Axie Infinity Co-Founder Loses $9.7 Million in Personal Wallet Hack as Funds Funneled Through Tornado Cash

The cryptocurrency world faces another stark reminder of the persistent security challenges confronting even its most prominent figures, as Jeff “Jihoz” Zirlin, co-founder of the wildly popular blockchain game Axie Infinity, confirms that two of his personal wallets were compromised on February 23, 2024. The attack resulted in the theft of approximately 3,248 Ethereum (ETH), valued at roughly $9.7 million at the time of the breach.

TL;DR

• Axie Infinity co-founder Jeff “Jihoz” Zirlin lost $9.7 million from two compromised personal wallets
• Over 3,248 ETH and 3 million RON tokens were drained in the attack
• Stolen funds were quickly moved through Tornado Cash, a sanctioned crypto mixer
• Zirlin confirmed the hack was limited to personal accounts and did not affect Ronin chain operations
• The incident comes nearly two years after the $625 million Ronin Bridge hack attributed to North Korean hackers

The Attack Unfolds

Blockchain security firm PeckShield first flagged the suspicious activity on February 23, reporting a significant wallet compromise on the Ronin Network. The on-chain investigators tracked the movement of over 3,248 ETH being withdrawn from the Ronin Bridge, along with more than 3 million RON tokens that were drained and subsequently sold for Ethereum. The sudden sale of such a large volume of RON tokens caused an immediate 9% drop in the token’s market price.

Zirlin took to social media to address the situation directly. “This has been a tough morning for me. Two of my addresses have been compromised,” he wrote. “The attack is limited to my personal accounts, and has nothing to do with validation or operations of the Ronin chain. Additionally, the leaked keys have nothing to do with Sky Mavis operations.”

The co-founder was quick to reassure the community that the broader Axie Infinity ecosystem and the Ronin Network remained secure and fully operational. Aleksander Larsen, co-founder and COO of both Axie Infinity and the Ronin Network, corroborated Zirlin’s statement, emphasizing that the bridge itself maintains top-tier security standards.

Funds Laundered Through Tornado Cash

Following the theft, analysts traced the stolen funds to Tornado Cash, a cryptocurrency mixer designed to obscure the origin of digital assets. The U.S. government has sanctioned Tornado Cash, and the mixer was previously used by North Korean hackers to launder funds from the infamous 2022 Ronin Bridge attack. The use of Tornado Cash in this incident raises questions about whether state-sponsored actors may have been involved once again, though no formal attribution has been made.

The method of the attack remains unclear. Zirlin has not yet disclosed how the hackers gained access to his personal wallets, and investigations are ongoing. Security firm Ancilia initially suggested that the Ronin Bridge itself might have had an issue, but this was swiftly refuted by the Ronin team, who clarified that the bridge undergoes regular audits and automatically pauses when unusual withdrawal volumes are detected.

Shadow of the 2022 Ronin Hack

The incident inevitably draws comparisons to the devastating March 2022 hack of the Ronin Bridge, which saw approximately $625 million worth of Ethereum and USDC stolen in what remains one of the largest DeFi exploits in history. The FBI subsequently attributed that attack to Lazarus Group, a North Korean state-sponsored cybercrime organization. The 2022 hack was executed through a combination of social engineering, including a malicious PDF delivered under the guise of a job offer, which compromised five of the network’s nine validators.

While this latest incident is significantly smaller in scale and limited to personal accounts rather than infrastructure, it underscores the ongoing vulnerability of key figures in the cryptocurrency space. The fact that a co-founder of one of the most recognized blockchain gaming platforms could be targeted successfully highlights that no individual, regardless of their expertise or resources, is immune to sophisticated cyberattacks.

Market Impact and Broader Context

The hack occurred against a backdrop of a broader crypto market trading slightly lower on the day. Bitcoin was hovering around $50,700, while Ethereum itself traded near $2,920. The RON token’s 9% decline following the exploit added to the day’s negative sentiment for gaming-focused tokens.

Axie Infinity, which pioneered the play-to-earn gaming model during the 2021 bull market, has seen its token decline significantly from all-time highs. The game’s popularity, particularly in Southeast Asia, helped establish Ronin Network as a dedicated sidechain for gaming transactions, avoiding the high fees associated with Ethereum’s mainnet.

Why This Matters

The Jihoz wallet hack is a sobering illustration that personal security hygiene remains the weakest link in the cryptocurrency ecosystem. Even individuals deeply immersed in blockchain technology and security practices can fall victim to targeted attacks. The speed with which stolen funds were routed through Tornado Cash demonstrates the ongoing challenge of tracing and recovering stolen digital assets. For the broader crypto community, the incident reinforces the critical importance of hardware wallets, multi-signature setups, and operational security measures—especially for high-profile individuals whose public profiles make them attractive targets for sophisticated threat actors.

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Cryptocurrency investments carry significant risk, and readers should conduct their own research before making any investment decisions.