At the end of last March, Axie Infinity suffered a theft of cryptocurrencies valued at the time at 620 million dollars. This occurred after a breach of the Ronin blockchain, created by Sky Mavis as a key piece of the infrastructure for its play-to-earn game. And although the firm reimbursed the stolen crypto assets and took the corresponding security measures in its network, hitherto unknown details of the event emerged in the last few hours.
As reported by The Block, the origin of the attack on the Ronin blockchain (and, therefore, on Axie Infinity) was an elaborate hoax perpetrated against an engineer who was part of the team in charge of developing the popular game. The outlet cites two sources with direct knowledge of the situation, who say that the trap was set through a bogus job offer.
In its post-hack report, Sky Mavis had already mentioned that one of its employees had been “compromised”. However, the company never gave specific explanations about what had happened or how it had happened. For this reason, the information that has been revealed in the last few hours is so shocking.
A fake job offer, key to the theft of cryptocurrencies from Axie Infinity
The Block explains that the Axie Infinity team was approached at the beginning of the year by a fake company that, through LinkedIn, encouraged them to apply for very competitive jobs. A “senior engineer” took the bait and was exposed to the hackers.
Thus, after several interviews, the supposed company offered a job to the individual in question. Needless to say, it was all a hoax. The proposal, which promised significant financial compensation, was delivered via a PDF infected with spyware. By downloading it to his computer, the developer inadvertently opened the door for hackers to access the Ronin blockchain infrastructure.
In this way, the cybercriminals gained control over four of the nine validator nodes in the network. But this was still not enough for them to move the cryptocurrency funds, since they needed one more cryptographic signature. That is why they also attacked Axie DAO (the decentralized autonomous organization of Axie Infinity), obtaining the missing validation.
A well-known tactic, but still effective
It’s common for hackers to target employees of big tech companies as they try to gain access to their systems. Last year, for example, hackers who broke into Electronic Arts used stolen cookies to enter the company’s Slack channels and request access credentials by posing as a real worker.
The case of Axie Infinity and Sky Mavis has the aggravating circumstance of occurring at a time of great ferment among crypto/NFT/web3 projects, regardless of market fluctuations. And it’s also not surprising that the employee attacked by the hackers no longer works for the company that developed the famous play-to-earn game.
The Ronin hack and subsequent extraction of funds from Axie Infinity has been linked to Lazarus, a North Korean-sponsored hacker group. Of the total stolen, so far only about 6 million dollars have been recovered, funds that were to be “laundered” through Binance. To return the stolen crypto assets to users, meanwhile, Sky Mavis raised $150 million in a financing round.