Scam Alert

Ronin – Axie Infinity Was Defeated By A Fake Job Offer

According to a new report, the investigation into the Ronin bridge hack by Axie Infinity has shown how hackers broke into the system by sending a “fake job offer” in PDF form to a engineer of Sky Mavis.

How was Axie Infinity defeated?

Ronin, the Ethereum-linked sidechain that underpins play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. All the evidence presented points to a North Korean hacker group known as Lazarus, the full details of how the exploit was carried out are yet to be revealed.

A recent report by The Block revealed that a fake job ad was Ronin’s undoing

According to sources who remain anonymous due to the sensitive nature of the case, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist.  

Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn

After multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded – allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network – leaving them just one validator short of total control. 

Validators fulfill various functions in blockchains, including the creation of transaction blocks and the updating of data oracles. Ronin uses a so-called “proof of authority” system for signing transactions, concentrating power in the hands of nine trusted actors.

But after successfully infiltrating Ronin’s systems through the fake job ad, the hackers had control of just four out of the nine validators – meaning they needed another in order to take control

In its post-mortem, Sky Mavis revealed that the hackers managed to use the Axie DAO (Decentralized Autonomous Organization) – a group set up to support the gaming ecosystem — to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021. 

“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked, {…}Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator.”

Sky Mavis said in the blog post

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join CoinCu Telegram to keep track of news: https://t.me/coincunews

Follow CoinCu Youtube Channel | Follow CoinCu Facebook page

Foxy

CoinCu News

Victor

Recent Posts

Qubetics Presale Price Surge Approaches: The Best Coins to Invest in Right Now While Toncoin, and XRP Gain Traction

Discover why Qubetics, Toncoin, and XRP are the best coins to invest in right now.…

18 minutes ago

Book of Meme Old News? This Best Meme Coin to Invest in 2024 Is Multiplying Gains Like a Champ

Over the years, meme coins have evolved from inside jokes into serious investment opportunities.

1 hour ago

Time’s Ticking on BlockDAG’s 5-Tier Bonus- Few Days Left to Grab It While Cardano Whales Take Action, Aave Rallies Strong

Discover BlockDAG's five-tier bonus program's closing phases that enhance buyer holdings. Gain insights on the…

2 hours ago

Best Altcoins to Buy for 2025: Qubetics Presale Surge, Solana’s Lightning Speed, and Cardano’s Blockchain Revolution

Discover why Qubetics, Solana, and Cardano are redefining the crypto landscape. Learn about milestones, price…

3 hours ago

Why Qubetics, NEAR Protocol, and IMX Are Dominating Crypto: The Best Altcoins to Join Today for Game-Changing Returns 

Discover why Qubetics, NEAR Protocol, and Immutable X are the best altcoins to join today,…

5 hours ago

Bonk’s ICO Was Just the Start: Why BTFD Coin’s Stage 7 Price Rollback Is Your Second Shot at Crypto Glory

BTFD Coin is offering a chance to relive the glory days of meme coin investing,…

6 hours ago

This website uses cookies.