Jeffrey Zirlin Hack
Incident Overview
Jeffrey Zirlin "Jihoz", Axie Infinity co-founder, experienced a private key compromise, resulting in a loss of approximately 9,700,000 USD.
On February 23, 2024, Jihoz_Axie tweeted on his X (formerly twitter) about compromise of his two personal wallet addresses,. The attacker stole assets from these wallets, swapped them to Ronin WETH, and bridged them to the Ethereum mainnet using Axie Infinity:Ronin Bridge. The stolen funds were then transferred to other EOA addresses and eventually deposited into TornadoCash through several addresses.
Attacker Address:
https://ronin.bloks.io/address/0x39f81797…713105
Additional Attacker's Addresses:
https://etherscan.io/address/0xA4017DE6…eD13b2
https://etherscan.io/address/0x73f428e1…dEC8B8
Malicious Transactions:
https://ronin.bloks.io/transaction/0xe5fcb3ea…937003
https://ronin.bloks.io/transaction/0x002e0c22…a68d1f
https://ronin.bloks.io/transaction/0x87841c81…27830e
TornadoCash Deposit Transactions:
https://etherscan.io/tx/0xeb112a22…669ab9
https://etherscan.io/tx/0x24055d9a…a1a5c7
Incident Report
Protocol Information
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to Jeffrey Zirlin, these are the critical security checks that could have prevented this incident (February 2024).
- Verify all logic paths related to Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next Jeffrey Zirlin
The Jeffrey Zirlin hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.