Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

apegurus/ronin-bridge

Name: ronin-bridge
Author: apegurus

skills/case-studies/ronin-bridge/SKILL.md

npx skillsauth add apegurus/solidity-argus ronin-bridge

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Ronin Bridge (2022)

Overview

In March 2022, the Ronin Network, an Ethereum-linked sidechain for the Axie Infinity game, was exploited for 173,600 ETH and 25.5M USDC (worth ~$625M). This was not a smart contract bug but a social engineering attack that led to the compromise of 5 out of 9 validator private keys.

Root Cause

The Ronin bridge required 5 out of 9 validator signatures to authorize withdrawals. The attacker (Lazarus Group) used a fake job offer to compromise a developer's computer, gaining access to 4 validator keys held by Sky Mavis. They also gained access to a 5th validator key held by the Axie DAO, which had been granted a temporary "allowance" to sign on behalf of Sky Mavis during a period of high traffic and was never revoked.

Attack Flow

Attacker used social engineering (fake job interview/PDF) to plant malware on a Sky Mavis engineer's laptop.
Attacker extracted 4 validator private keys from Sky Mavis infrastructure.
Attacker discovered an RPC backdoor to the Axie DAO validator, which had been authorized to sign for Sky Mavis months earlier.
With 5 keys, the attacker had the supermajority needed to sign withdrawal transactions.
Attacker submitted two withdrawal transactions to the Ronin bridge on Ethereum, draining the funds.

Impact

Loss: ~$625M
Protocol: Ronin Bridge (Sky Mavis)
Chain: Ronin / Ethereum
Date: 2022-03-23 (Discovered 2022-03-29)

Key Transactions

Withdrawal tx 1: 0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a691f6d7b3
Withdrawal tx 2: 0xed2c1225a57b6811c570930c7e9996a8a18b19a472f5502013f80f53c7a32730

Detection Heuristics

Pattern 1: Low validator count (centralization risk).
Pattern 2: Long-standing "temporary" permissions or allowances in governance/bridge contracts.

Remediation

Fix 1: Increase the number of validators and the threshold for consensus (Ronin moved to 21 validators).
Fix 2: Implement strict security protocols for validator key management (HSMs, multi-party computation).
Fix 3: Regular audits of off-chain infrastructure and social engineering training for employees.

References

rekt.news/ronin-rekt/
roninchain.com/blog/posts/community-alert-ronin-bridge-exploit-post-mortem

apegurus/ronin-bridge

skills/case-studies/ronin-bridge/SKILL.md

Case study of the 2022 Ronin Bridge exploit: compromised validator keys draining ~$625M

data-ai

Updated May 13, 2026

$ install --global

skillsauth

npx skillsauth add apegurus/solidity-argus ronin-bridge

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 13, 2026, 3:23 AM236.0s1 file scanned

SKILL.md

name:: ronin-bridge
description:: Detects validator-only functions. While not a bug, it highlights the critical trust points in the system.
category:: reference
source_url:: https://rekt.news/ronin-rekt/
source_license:: CC0
imported_at:: 2025-02-20T00:00:00Z
- regex:: onlyValidator
severity:: Low

Ronin Bridge (2022)

Overview

Root Cause

Attack Flow

Attacker used social engineering (fake job interview/PDF) to plant malware on a Sky Mavis engineer's laptop.
Attacker extracted 4 validator private keys from Sky Mavis infrastructure.
Attacker discovered an RPC backdoor to the Axie DAO validator, which had been authorized to sign for Sky Mavis months earlier.
With 5 keys, the attacker had the supermajority needed to sign withdrawal transactions.
Attacker submitted two withdrawal transactions to the Ronin bridge on Ethereum, draining the funds.

Impact

Loss: ~$625M
Protocol: Ronin Bridge (Sky Mavis)
Chain: Ronin / Ethereum
Date: 2022-03-23 (Discovered 2022-03-29)

Key Transactions

Withdrawal tx 1: 0xc28fad5e8d5e0ce6a2eaf67b6687be5d58113e16be590824d6cfa1a691f6d7b3
Withdrawal tx 2: 0xed2c1225a57b6811c570930c7e9996a8a18b19a472f5502013f80f53c7a32730

Detection Heuristics

Pattern 1: Low validator count (centralization risk).
Pattern 2: Long-standing "temporary" permissions or allowances in governance/bridge contracts.

Remediation

Fix 1: Increase the number of validators and the threshold for consensus (Ronin moved to 21 validators).
Fix 2: Implement strict security protocols for validator key management (HSMs, multi-party computation).
Fix 3: Regular audits of off-chain infrastructure and social engineering training for employees.

References

rekt.news/ronin-rekt/
roninchain.com/blog/posts/community-alert-ronin-bridge-exploit-post-mortem

Related Skills

apegurus/vector-scan

testing

VerifiedTrustedCommunity

Specialist profile for mechanically applying the attack-vector deck and classifying vectors as skip, drop, or investigate.

SKILL.mdUpdated May 30, 2026

apegurus/periphery

tools

VerifiedTrustedCommunity

Specialist profile for libraries, helpers, base contracts, adapters, encoders, wrappers, and integration glue.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

testing

VerifiedTrustedCommunity

Specialist profile for rounding, scale, decimal, downcast, and arithmetic accounting edge cases.

SKILL.mdUpdated May 30, 2026

apegurus/math-precision

apegurus/invariant

testing

VerifiedTrustedCommunity

Specialist profile for extracting conservation laws and state couplings, then searching for violating paths.

SKILL.mdUpdated May 30, 2026

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/apegurus/solidity-argus.git

# Copy into Claude Code skills folder (global)
cp -r solidity-argus/skills/case-studies/ronin-bridge ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

apegurus/solidity-argus

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT