Phishing Scam Reportedly Behind $540 Million Axie Infinity Hack

When a phishing attempt hits the creator, Axies fights.

image: Sky Mavis

NFT Pokemon clone Axie Infinity From a well-known player who is profitable from “play to earning” game scams, he has become notorious for being hacked from a $ 540 million cryptocurrency.According to now New report by block I know what made a security breach possible: Sophisticated social-engineered phishing attempts at LinkedIn Robot..

For those unfamiliar with Axie grift, developer Sky Mavis has developed an Ethereum-linked sidechain called the Ronin Network. Axie Infinity..Borrow mechanics from something like Pokemon, NeopetsWhen Haasstone, players were invited to win Ethereum-based cryptocurrencies by shattering in-game, and for some time it made huge profits as new players poured their time and money into the platform. Was there.Then earlier this year the company Hit all kinds of obstaclesFrom stagnant growth to currency inflation, and above all, The biggest crypto hack ever..

Developer Sky Mavis revealed in April that a security breach was possible by employees who were “breached” by “advanced spear phishing attacks.” “The attackers could use that access to break into the SkyMavis IT infrastructure and access the validator nodes,” the company said. I wrote at that time..

block Now reportBased on two sources, who know the case directly, the employee in question Axie Infinity And the way to infiltrate their computer was a job that was too good and untrue.

according to blockA scammer representing a fake company approached engineers through LinkedIn, encouraged them to apply for a job, and was held Many After repeated interviews, we finally made a job offer that included a “very generous reward package.” However, the offer was included in the PDF file.

After the mark downloaded it, spyware was reportedly able to infiltrate the Ronin Network’s systems and grant hackers access to four of the five nodes (out of nine total) they needed to cash out. Access to the fifth was obtained through something called the Axie DAO—a separate organization which Sky Mavis had enlisted to help with the influx of transactions during the height of Axie Infinity’s popularity. Sky Mavis had failed to remove DAO’s access from its systems after its help was no longer needed.

One of the much-heralded appeals of blockchain technology is its ability to make databases public and accessible to all while still keeping them secure. But any locked door, no matter how strong, is only as secure as the person holding the key to it. Here with Axie Infinity, the vulnerability of Sky Mavis’ employees was compounded by careless shortcuts it took to stay on top of the game’s meteoric growth last fall. (Sky Mavis has since increased its total validator nodes to 11, with long-term plans to have over 100.)

Of course, in the meantime the company still needs to pay back everyone who lost money in the hack. In April, it Raise another $ 150 million, Partly to reintegrate the existing player base. That same month FBI identifies North Korean hackers as “Lazarus Group” As the culprit behind Axie Infinity strike.Federal law enforcement agencies have recently Warned companies about accidentally hiring North Korean hackers As a remote IT specialist.

Leave a Reply

Your email address will not be published. Required fields are marked *