According to a new report, the investigation into the Ronin bridge hack that hit Axie Infinity has shown how the attackers broke into the system: by sending a “fake job offer” in PDF form to an engineer at Sky Mavis.
Ronin, the Ethereum-linked sidechain that underpins the play-to-earn game Axie Infinity, lost $540 million in crypto to an exploit in March. While all the evidence presented points to a North Korean hacker group known as Lazarus, the full details of how the exploit was carried out are yet to be revealed.
A recent report by The Block revealed that a fake job ad was Ronin’s undoing.
According to sources who remain anonymous due to the sensitive nature of the case, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist.
Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter. One source added that the approaches were made through the professional networking site LinkedIn.
After multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded – allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network – leaving them just one validator short of total control.
Validators fulfill various functions in blockchains, including the creation of transaction blocks and the updating of data oracles. Ronin uses a so-called “proof of authority” system for signing transactions, concentrating power in the hands of nine trusted actors.
But after successfully infiltrating Ronin’s systems through the fake job ad, the hackers had control of just four out of the nine validators – meaning they needed another in order to take control.
In its post-mortem, Sky Mavis revealed that the hackers managed to use the Axie DAO (Decentralized Autonomous Organization) – a group set up to support the gaming ecosystem — to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021.
“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked. [...] Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator,” Sky Mavis said in the blog post.
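The mechanics described above (a 9-validator proof-of-authority set, four validator keys compromised, and a fifth signature obtained through a delegation that was no longer needed but never revoked) can be modelled in a few lines. The following is an added illustration written for this page, not Ronin's or Sky Mavis's code; the validator names, the operator key name, the dates and the 5-of-9 threshold (inferred from the article's "one validator short of total control") are constructed assumptions. It shows how reachable signatures are counted once delegations are taken into account, and gives a simple check a defender could run to list allowlist entries that have outlived their purpose.

```python
"""Toy model: proof-of-authority validators plus signing delegations ("allowlists").

Added example for this article, not Ronin's real implementation. Every name and
date below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import Iterable, List, Optional, Set

# Constructed 9-validator set; the article says Ronin has nine trusted validators.
VALIDATORS = [f"validator-{i}" for i in range(1, 10)]
# Assumed threshold: 4 of 9 was "one short", so 5 signatures are taken to suffice.
THRESHOLD = 5


@dataclass
class Delegation:
    """grantor allows grantee to sign on its behalf (an allowlist entry)."""
    grantor: str                 # validator whose signature is produced
    grantee: str                 # key allowed to sign for it (e.g. an operator key)
    needed_until: date           # when the operational reason for the grant ended
    revoked_on: Optional[date] = None

    def active(self, today: date) -> bool:
        return self.revoked_on is None or self.revoked_on > today

    def stale(self, today: date) -> bool:
        """Still active although the reason for it has already ended."""
        return self.active(today) and today > self.needed_until


def reachable_signers(compromised_keys: Iterable[str],
                      delegations: Iterable[Delegation],
                      today: date) -> Set[str]:
    """Validators whose signature a holder of `compromised_keys` can produce.

    Direct control of a validator key counts, and so does control of any key
    that an active delegation allows to sign for a validator.
    """
    keys = set(compromised_keys)
    signers = {v for v in keys if v in VALIDATORS}
    for d in delegations:
        if d.active(today) and d.grantee in keys:
            signers.add(d.grantor)
    return signers


def meets_threshold(signers: Set[str]) -> bool:
    return len(signers) >= THRESHOLD


def stale_delegations(delegations: Iterable[Delegation], today: date) -> List[Delegation]:
    """Defender-side check: allowlist entries that should have been revoked."""
    return [d for d in delegations if d.stale(today)]


if __name__ == "__main__":
    today = date(2022, 3, 23)                     # constructed "day of the incident"
    # Constructed: four validator keys plus the operator key on the same systems.
    compromised = {"validator-1", "validator-2", "validator-3", "validator-4", "operator-key"}
    # Constructed: a ninth validator once let the operator key sign for it,
    # the need ended in December 2021, but nobody revoked the entry.
    dao_grant = Delegation("validator-9", "operator-key", needed_until=date(2021, 12, 31))

    signers = reachable_signers(compromised, [dao_grant], today)
    print(f"reachable signatures: {len(signers)} of {len(VALIDATORS)} "
          f"-> threshold met: {meets_threshold(signers)}")
    for d in stale_delegations([dao_grant], today):
        print(f"stale allowlist entry: {d.grantor} -> {d.grantee} (needed until {d.needed_until})")
```

The `stale_delegations` check is the part worth keeping: any delegation or allowlist entry should carry an expiry tied to the operational reason it was granted, and a periodic job should fail loudly when an entry is still active past that date.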
Foxy
CoinCu News