Axe Infinity was the paragon of crypto gaming last year when it reached up to 2.7 million daily active users with its play-to-earn formula last November. But that all collapsed in March when hackers stole $625 million from the Ethereum-connected Ronin sidechain that powers the game. Now it turns out that the source of this hack came from an unlikely source: a fake job posting from LinkedIn.
As The block Report about The edge) based on two sources infiltrated by hackers Axe Infinity owner Sky Mavin’s network by sending a spyware-filled PDF file to an employee. This person thought they were going to take a high-paying job from another company, but it turns out that company never existed. According to the US government, the North Korean hacker group Lazarus is behind the attack.
“Employees are constantly exposed to advanced spear phishing attacks on various social channels, and one employee has been compromised,” noted Sky Mavis in a post-mortem blog post following the hack. “This employee no longer works at Sky Mavis. The attacker managed to use this access to penetrate the Sky Mavis IT infrastructure and gain access to the validation nodes.”
Axe Infinity was brought back up last week and still relies on the Ronin sidechain, albeit with tighter security measures. The company increased its number of validator nodes from 9 to 11 in April, making it harder for attackers to take control of the network. (Lazarus gained access to 5 nodes to achieve his hack, including one from Axie DAO [Decentralized Autonomous Organization].) And it also implements a “circuit breaker” system to flag large withdrawals.
Although this hack was clearly meticulously planned and required a significant amount of technical skill, it ultimately hung on a classic vulnerability: social engineering.
All products recommended by Engadget are selected by our editorial team, independently of our parent company. Some of our stories contain affiliate links. If you buy something through one of these links, we may receive an affiliate commission.
https://www.engadget.com/axie-infinity-blockchain-hack-fake-job-offer-210017305.html?src=rss Elaborate hack of ‘Axie Infinity’ tied to fake LinkedIn job offer