Hackers used fake job offer to steal $540 million from Axie Infinity

Hackers used fake job offer to steal $540 million from Axie Infinity

It has come to light that the $540 million hacks of Axie Infinity's Ronin Bridge, which occurred toward the end of March 2022, was the result of one of the company's former employees falling for a fake job offer posted on LinkedIn.

According to a report that was published by The Block the previous week and cites two people who are familiar with the matter, a senior engineer at the company was tricked into applying for a job at a company that does not exist, which caused the individual to download a fake offer document disguised as a PDF. The report was based on the statements of two people who are familiar with the situation.

According to a report from the Block, a Sky Mavis engineer was offered a job with an extremely generous compensation package after what one source described as multiple rounds of interviews.

After that, the offer document was used as a conduit to deploy malware that was designed to breach Ronin's network, which ultimately allowed for one of the largest hacks in the cryptocurrency sector to take place to this day.

A post-mortem investigation conducted by the company in April revealed the following: "Sky Mavis employees are under constant advanced spear-phishing attacks on various social channels, and one employee was compromised."

"Sky Mavis is no longer using the services of this former employee. Because of this access, the attacker was able to break into Sky Mavis's information technology infrastructure and gain access to the validator nodes."

In April 2022, the United States Treasury Department pointed the finger of blame at North Korea's Lazarus Group, an adversarial collective that had a history of carrying out attacks against the cryptocurrency industry in order to amass funds for the hermit kingdom.

Since at least August 2020, when an Israeli cybersecurity firm known as ClearSky dubbed a campaign they were running "Operation Dream Job," the advanced persistent threat has used fake job offers as a social engineering lure. This tactic has been used for a long time.

In its T1 Threat Report for 2022, ESET noted how actors operating under the Lazarus umbrella have utilized fake job offers through social media platforms such as LinkedIn as part of their strategy for attacking defense contractors and aerospace companies.

Although Ronin's Ethereum bridge was relaunched in June, three months after the hack, it is suspected that the Lazarus Group is also responsible for the recent theft of $100 million worth of alternative cryptocurrencies from the Harmony Horizon Bridge.

The findings come at the same time that blockchain projects centered around Web 3.0 have lost more than $2 billion to hacks and exploits in the first six months of this year, as disclosed in a report by blockchain auditing and security company CertiK last week.


Your suggestions and comments are welcome

Post a Comment

Your suggestions and comments are welcome

Post a Comment (0)

Previous Post Next Post