According to a new report, the investigation into the hack of Axie Infinity’s Ronin bridge has shown how the attackers broke into the system: by sending a “fake job offer” in PDF form to an engineer at Sky Mavis.
Ronin, the Ethereum-linked sidechain that underpins the play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. All the evidence presented points to a North Korean hacker group known as Lazarus, but the full details of how the exploit was carried out are yet to be revealed.
A recent report by The Block revealed that a fake job ad was Ronin’s undoing.
According to sources who remain anonymous due to the sensitive nature of the case, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist.
Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn.
After multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded – allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network – leaving them just one validator short of total control.
Validators fulfill various functions in blockchains, including the creation of transaction blocks and the updating of data oracles. Ronin uses a so-called “proof of authority” system for signing transactions, concentrating power in the hands of nine trusted actors.
But after successfully infiltrating Ronin’s systems through the fake job ad, the hackers had control of just four out of the nine validators – meaning they needed another in order to take control.
In its post-mortem, Sky Mavis revealed that the hackers managed to use the Axie DAO (Decentralized Autonomous Organization) – a group set up to support the gaming ecosystem – to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021.
“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked. […] Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator,” Sky Mavis said in the blog post.
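The post-mortem quoted above describes the core of the problem: a delegation that outlived its purpose turned a four-of-nine foothold into a signing majority. The following is an added illustration, not code from the article, Sky Mavis or Ronin. It models a proof-of-authority validator set with signing delegations and audits how far one compromised operator’s reach extends. The validator and operator names are constructed, and the signing threshold of five is an assumption inferred from the article’s “one validator short” wording.

```python
# Added example (not from the article, Sky Mavis or Ronin): a minimal model of
# a proof-of-authority validator set with signing delegations ("allowlists"),
# used to audit how many signatures a single compromised operator can produce.
from dataclasses import dataclass, field


@dataclass
class ValidatorSet:
    # validator name -> operator organisation that holds its signing key
    operators: dict
    # number of validator signatures required to authorise a withdrawal
    # (assumption: 5 of 9, inferred from "one validator short of total control")
    threshold: int
    # validator -> operator allowed to sign on that validator's behalf
    delegations: dict = field(default_factory=dict)

    def effective_control(self, operator):
        """Validators whose signature `operator` can produce, directly or via delegation."""
        direct = {v for v, op in self.operators.items() if op == operator}
        delegated = {v for v, d in self.delegations.items() if d == operator}
        return direct | delegated

    def can_reach_threshold(self, operator):
        """True if compromising `operator` alone yields enough signatures."""
        return len(self.effective_control(operator)) >= self.threshold

    def stale_delegations(self, still_needed):
        """Delegations on the allowlist whose purpose has ended.

        `still_needed` is the set of (validator, delegate) pairs that are
        currently justified; anything else is a candidate for revocation.
        """
        return {v: d for v, d in self.delegations.items() if (v, d) not in still_needed}

    def revoke(self, validator):
        """Remove a delegation; a no-op if none exists for this validator."""
        self.delegations.pop(validator, None)


def ronin_like_scenario():
    """Constructed nine-validator set resembling the arrangement the article describes."""
    operators = {
        "validator-1": "Sky Mavis",
        "validator-2": "Sky Mavis",
        "validator-3": "Sky Mavis",
        "validator-4": "Sky Mavis",
        "validator-5": "Axie DAO",
        "validator-6": "Partner A",   # constructed placeholder operators
        "validator-7": "Partner B",
        "validator-8": "Partner C",
        "validator-9": "Partner D",
    }
    vs = ValidatorSet(operators=operators, threshold=5)
    # The November 2021 allowlist: Axie DAO let Sky Mavis sign on its behalf.
    vs.delegations["validator-5"] = "Sky Mavis"
    return vs


def audit(vs, operator, still_needed=frozenset()):
    """Return a summary dict a defender would check after any incident or quarterly review."""
    return {
        "controlled": len(vs.effective_control(operator)),
        "threshold": vs.threshold,
        "single_point_of_failure": vs.can_reach_threshold(operator),
        "stale_delegations": vs.stale_delegations(still_needed),
    }


if __name__ == "__main__":
    vs = ronin_like_scenario()
    # Delegation discontinued in December 2021 but never revoked: still_needed is empty.
    print("before revocation:", audit(vs, "Sky Mavis"))
    for validator in vs.stale_delegations(frozenset()):
        vs.revoke(validator)
    print("after revocation: ", audit(vs, "Sky Mavis"))
```

Run as a script, the audit shows the Sky Mavis operator reaching five of five required signatures while the stale delegation exists, and only four once it is revoked. The useful design point is that `stale_delegations` takes an explicit set of currently justified delegations, so an allowlist entry has to be re-justified to survive a review rather than persisting by default.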
Foxy, CoinCu News