The latest report on the Axie Infinity/ Ronin bridge hack is too good to be true. Especially considering the FBI claims a North Korea-sponsored hacking group is responsible for it. “A senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist,” The Block reports. That’s not all, apparently, the hackers’ spyware got into the system through a simple .pdf file. Unbelievable that a $622M hack started that way.
The Ronin Network is an Ethereum sidechain that exclusively serves Axie Infinity. Both a billion-dollar business and a fun app with a thriving internal economy and an international audience, the play-to-earn game was one of the bull market’s biggest success stories. Sky Mavis is the studio behind Axie Infinity. And one of its programmers apparently fell victim to the simplest social engineering trick in the book.
According to surveillance firm Chainalysis, North Korea-sponsored hackers stole over $400M in 2021 alone. And according to the FBI, they’re responsible for the Axie Infinity/ Ronin hack. The alphabet agency traced the funds to wallets associated with North Korean hacking group Lazarus. Does The Block’s article complete or negate this version of the story? It’s hard to see North Koreans pulling a stunt quite like this.
In any case, at the time the FBI was extremely clear in a statement quoted here:
“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th.”
If true, they broke their 2021 record with just one operation.
How Did The Axie Infinity/ Ronin Hack Happen?
The hack’s supposed story is hilarious, to say the least. According to The Block:
“Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter.”
After several rounds of interviews, one of Sky Mavis’ developers got an extremely generous offer. He opened up Pandora’s box and all hell broke loose.
“The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total…
Click Here to Read the Full Original Article at NewsBTC…
