Back to Building: Ronin Security Breach Postmortem

2022-04-27 Tribal Sec

https://roninblockchain.substack.com/p/back-to-building-ronin-security-breach


Sky Mavis reported that the March 2022 Ronin bridge breach let an attacker control five of nine validator private keys and drain 173,600 ETH plus 25.5 million USDC in two forged withdrawals. The company said an employee compromise gave the attacker access to Sky Mavis infrastructure and validator nodes, while an old Axie DAO allowlist on a gas-free RPC endpoint allowed the attacker to obtain the additional validator signature. The postmortem states that the FBI attributed the breach to North Korea-based Lazarus Group and that the Treasury Department sanctioned the wallet receiving the stolen funds. Sky Mavis described follow-on security changes including more validators, stricter internal procedures, zero-trust controls, external forensics support, and a redesigned bridge.
