Ronin Bridge Vulnerability Analysis
2022-04-12 • Stealien • Ronin Bridge Vulnerability Analysis • https://ufo.stealien.com/2022-04-12/ronin-bridge-vuln-analysis
Ronin Network, an Ethereum sidechain used by Axie Infinity, suffered a bridge exploit that drained 173,600 ETH and 25.5 million USDC. The body attributes the incident to compromise of validator private keys rather than a smart contract code flaw: the attacker controlled four validator keys and obtained the Axie DAO validator key through an exposed access path. With five approvals enough to validate withdrawals, the attacker sent fraudulent transactions to the Ethereum-side Ronin contract, which treated them as valid. Ronin halted the bridge and Katana DEX, disabled the validators used in the attack, and raised the approval threshold from five of nine validators to eight of nine.
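A simplified model of the approval-threshold check described above, added here as an illustration; it is not code from the Ronin contracts or from the original article. HMAC-SHA256 stands in for validator signatures, and the validator names, keys and message format are all constructed.

```python
import hashlib
import hmac

# Constructed validator set: nine validators, each with a made-up secret key.
# HMAC-SHA256 stands in for the signatures a real bridge contract would verify.
VALIDATOR_KEYS = {f"validator-{i}": f"constructed-key-{i}".encode() for i in range(1, 10)}


def sign(validator_id, key, message):
    """Produce one validator approval over a withdrawal message."""
    return validator_id, hmac.new(key, message, hashlib.sha256).digest()


def count_valid_approvals(message, approvals):
    """Count distinct known validators whose approval verifies for this message."""
    approved = set()
    for validator_id, tag in approvals:
        key = VALIDATOR_KEYS.get(validator_id)
        if key is None:
            continue  # signer is not in the validator set
        expected = hmac.new(key, message, hashlib.sha256).digest()
        if hmac.compare_digest(expected, tag):
            approved.add(validator_id)  # a set ignores repeated approvals
    return len(approved)


def withdrawal_accepted(message, approvals, threshold):
    """The bridge check: accept only if enough distinct validators approved."""
    return count_valid_approvals(message, approvals) >= threshold


def demo():
    message = b"withdraw|recipient=0xCONSTRUCTED|amount=1|nonce=7"  # constructed
    # Five keys held by one party: four validators plus one more, as in the summary.
    held = [f"validator-{i}" for i in range(1, 6)]
    approvals = [sign(v, VALIDATOR_KEYS[v], message) for v in held]
    # A repeated approval or a signer outside the set must not add to the count.
    padded = approvals + [approvals[0], sign("outsider", b"other-key", message)]
    return {
        "valid_approvals": count_valid_approvals(message, padded),
        "accepted_5_of_9": withdrawal_accepted(message, padded, 5),
        "accepted_8_of_9": withdrawal_accepted(message, padded, 8),
    }


if __name__ == "__main__":
    print(demo())
```

The check itself behaves correctly in both cases: every approval it counts is cryptographically valid, so the outcome depends entirely on how many validator keys one party holds relative to the threshold.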