Scam Alert

Ronin – Axie Infinity Was Defeated By A Fake Job Offer

According to a new report, the investigation into the Ronin bridge hack by Axie Infinity has shown how hackers broke into the system by sending a “fake job offer” in PDF form to an engineer at Sky Mavis.

How was Axie Infinity defeated?

Ronin, the Ethereum-linked sidechain that underpins play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. All the evidence presented points to a North Korean hacker group known as Lazarus. The full details of how the exploit was carried out are yet to be revealed.

A recent report by The Block revealed that a fake job ad was Ronin’s undoing.

According to sources who remain anonymous due to the sensitive nature of the case, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist.  

Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn.

After multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded – allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network – leaving them just one validator short of total control. 

Validators fulfill various functions in blockchains, including the creation of transaction blocks and the updating of data oracles. Ronin uses a so-called “proof of authority” system for signing transactions, concentrating power in the hands of nine trusted actors.

But after successfully infiltrating Ronin’s systems through the fake job ad, the hackers had control of just four out of the nine validators – meaning they needed another in order to take control.

In its post-mortem, Sky Mavis revealed that the hackers managed to use the Axie DAO (Decentralized Autonomous Organization) – a group set up to support the gaming ecosystem – to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021.

“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked, {…}Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator.”

Sky Mavis said in the blog post.
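As an added example (not code from Sky Mavis or the original report), the following Python audits a validator inventory for the two conditions the post-mortem describes: a delegated signing grant that outlived its purpose without being revoked, and a single operator whose own validators plus live delegations reach a signing quorum. It assumes a five-signature threshold (inferred from four of nine being "one validator short") and models the four compromised validators as operated by Sky Mavis; all identifiers and exact dates are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

THRESHOLD = 5  # assumption: the article says 4 of 9 validators was "one short"

@dataclass
class Delegation:
    grantor: str                       # validator whose signature can be requested
    grantee: str                       # operator allowed to request it
    needed_until: date                 # when the arrangement was discontinued
    revoked_on: Optional[date] = None  # None = access is still technically live

def stale(delegations, today):
    """Grants that outlived their purpose but were never revoked."""
    return [d for d in delegations
            if d.revoked_on is None and d.needed_until < today]

def effective_control(validators, delegations):
    """Map operator -> validators it can cause to sign (own + delegated)."""
    control = {}
    for vid, operator in validators.items():
        control.setdefault(operator, set()).add(vid)
    for d in delegations:
        if d.revoked_on is None:
            control.setdefault(d.grantee, set()).add(d.grantor)
    return control

def over_threshold(validators, delegations, threshold=THRESHOLD):
    """Operators whose compromise alone would yield a signing quorum."""
    return {op: sorted(v)
            for op, v in effective_control(validators, delegations).items()
            if len(v) >= threshold}

# Constructed inventory: identifiers and exact dates are illustrative only.
VALIDATORS = {"sm-1": "sky-mavis", "sm-2": "sky-mavis", "sm-3": "sky-mavis",
              "sm-4": "sky-mavis", "dao-1": "axie-dao", "ext-1": "partner-a",
              "ext-2": "partner-b", "ext-3": "partner-c", "ext-4": "partner-d"}
DELEGATIONS = [Delegation("dao-1", "sky-mavis", needed_until=date(2021, 12, 31))]

if __name__ == "__main__":
    print("stale grants:", stale(DELEGATIONS, date(2022, 3, 1)))
    print("quorum from one operator:", over_threshold(VALIDATORS, DELEGATIONS))
```

Counting delegated signing rights alongside directly operated validators is what exposes the gap: on paper the operator holds four of nine, but in effect it holds five.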


Foxy

CoinCu News

Victor
