Article 615KX How a Fake Job Offer Took Down the World's Most Popular Crypto Game

How a Fake Job Offer Took Down the World's Most Popular Crypto Game

by
BeauHD
from Slashdot on (#615KX)
An anonymous reader quotes a report from The Block: Ronin, the Ethereum-linked sidechain that underpins play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. While the US government later tied the incident to North Korean hacking group Lazarus, full details of how the exploit was carried out have not been disclosed. The Block can now reveal that a fake job ad was Ronin's undoing. According to two people with direct knowledge of the matter, who were granted anonymity due to the sensitive nature of the incident, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist. Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn. After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake "offer" was delivered in the form of a PDF document, which the engineer downloaded -- allowing spyware to infiltrate Ronin's systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network -- leaving them just one validator short of total control. [...] In its post-mortem, Sky Mavis revealed that the hackers managed to use the Axie DAO (Decentralized Autonomous Organization) -- a group set up to support the gaming ecosystem -- to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021. [...] A month after the hack, Sky Mavis had increased the number of its validator nodes to 11, and said in the blog post that its long-term goal was to have more than 100. Sky Mavis declined to comment on how the hack was carried out when reached. Earlier today, ESET Research published an investigation showing that North Korea's Lazarus had abused LinkedIn and WhatsApp by posing as recruiters to target aerospace and defense contractors. But the report did not tie that technique to the Sky Mavis hack. The Block notes that Axie Infinity "boasted 2.7 million daily active users and $214 million in weekly trading volume for its in-game NFTs in November last year -- although both numbers have since plummeted." Users affected by the exploit will be reimbursed via the company's funds, along with the $150 million it raised in a round led by Binance in early April. "The company said recently that it would begin returning funds to users on June 28," adds the report.

twitter_icon_large.pngfacebook_icon_large.png

Read more of this story at Slashdot.

External Content
Source RSS or Atom Feed
Feed Location https://rss.slashdot.org/Slashdot/slashdotMain
Feed Title Slashdot
Feed Link https://slashdot.org/
Feed Copyright Copyright Slashdot Media. All Rights Reserved.
Reply 0 comments