Axie Infinity's $500m+ Hack Was Reportedly Caused by a Fake Job Offer
In March, Axie Infinity went from being one of the most promising blockchain games, with players earning enough money to make a living, to a prime example of what can go wrong with cryptocurrency technology if things aren’t handled deftly. The primary cause was a hack in which Sky Mavis lost 173,600 Ethereum (about $591.2 million) from the Ethereum-linked Ronin sidechain powering the game.
A recent report by The Block has revealed the cause of this massive hack: a fake job offer on LinkedIn.
Fake job offer undoes Axie Infinity
According to The Block, which cited two anonymous sources with knowledge of the incident, multiple employees working for Sky Mavis were approached by hackers who were posing as job recruiters on LinkedIn. When one senior engineer took the bait after attending multiple interviews, he was presented with an “extremely generous” fake compensation package.
This compensation package was delivered to him via a PDF file, which allowed spyware to infiltrate the Ronin servers and gain access to four out of the nine Ronin validator nodes, leaving the attackers just one short of taking over the network. They also used a separate organization named the Axie DAO (Decentralized Autonomous Organization) to gain access to the fifth node and obtain full control of Ronin.
They then drained Sky Mavis' treasury of Ethereum and USDC cryptocurrency, worth about $625 million at the time. This money is yet to be recovered from the hackers, who are suspected by the U.S. government to be the North Korean hacker group Lazarus.
Sky Mavis has previously disclosed that the employee who compromised Sky Mavis’ IT infrastructure and the Ronin validators is no longer working at the company.
Following the hack, Sky Mavis raised $150 million in April to reimburse players who lost money due to this exploit. The company has also restarted the Ronin bridge with stricter security measures, which include the addition of a circuit-breaker for large-scale transactions and an increase in the number of Ronin validator nodes, bringing the total to 11.