Sky Mavis announced that they had halted the Ronin Bridge and Katana DEX, and were making changes to their network to try to guard against future attacks. They also wrote that they were "working with law enforcement officials, forensic cryptographers, and our investors to make sure all funds are recovered or reimbursed".
One of the most popular play-to-earn games, Axie Infinity, suffered an enormous hack to the Ronin network on which it runs. The project announced that a majority of Ronin validator nodes had been compromised — four belonging to the Sky Mavis company that builds Axie Infinity, and one belonging to the Axie DAO. After gaining control of the validators, they were able to approve malicious withdrawals of 173,600 ETH (about $600 million) and 25.5M USDC (a stablecoin, worth $25.5M). The $625 million loss was possibly the largest to date in the history of defi projects.
A bug in the Meter Passport smart contract allowed an attacker to pull 1400 ETH (~$4.2 million) and 2 wrapped Bitcoin (~$83,000) from the Meter Passport blockchain bridge. This was the second hack of a blockchain bridge in three days, following the enormous Wormhole Network exploit. Meter urged its users not to trade any meterBNB, which are currently unbacked, and wrote that they were "working on compensating funds to all affected users."
The Wormhole Network is a blockchain bridge between Solana and various other blockchains, allowing assets to be traded across the different and not otherwise interoperable chains. After an attacker was able to spoof a guardian account, Wormhole was exploited on February 2 for 120,000 wETH, or about $326 million. The network was taken down for maintenance, and Wormhole promised that "ETH will be added over the next hours to ensure wETH is backed 1:1". The parent company of Wormhole, Jump Trading, replaced the funds that had been drained; meanwhile, Wormhole offered a $10 million bounty to try to tempt the attacker into returning the funds. The hack was the fourth-largest cryptocurrency theft of all time, trailing behind the $480 million Mt. Gox theft in 2014, the $547 million Coincheck theft in 2018, and the $611 million Poly Network theft (that was later returned) in 2021.
Hackers stole approximately $611 million from the decentralized finance platform Poly Network in the largest cryptocurrency theft against a single platform to date. In a bizarre twist, the hacker returned the funds, and Poly Network offered them a position as a chief security advisor (though it is not clear if they accepted).