Is the Axie Infinity/Ronin Hack to Blame for a Fake Job Offer and a .pdf? – Helena Mining Bitcoin
The most recent information regarding the Axie Infinity/Ronin bridge hack is unreal, particularly in light of the FBI’s assertion that a hacking group supported by North Korea is to blame. According to The Block, “A senior engineer at Axie Infinity was tricked into applying for a job at a company that, in fact, did not exist.” Additionally, it appears that the hackers’ spyware entered the system via a straightforward .pdf file. It’s unbelievable that this is how a $622 million hack began.
Axie Infinity is the only client of the Ethereum sidechain known as The Ronin Network. The play-to-earn game was one of the bull market’s biggest success stories. It was both a billion dollar company and a fun app with a thriving internal economy and an international audience. Axie Infinity was created by the studio Sky Mavis. And it appears that one of its programmers fell for the simplest social engineering ruse ever.
North Korea: Is it at fault?
North Korea-sponsored hackers stole more than $400 million in 2021 alone, claims surveillance company Chainalysis. Additionally, the FBI claims that they were behind the Axie Infinity/Ronin hack. The alphabet agency tracked the money and linked the wallets involved to the North Korean hacking group Lazarus. Does The Block’s article support this version of the story or refute it? It’s difficult to imagine North Koreans pulling off a stunt like this.
In any case, the FBI was very clear at the time in the statement quoted here:
Lazarus Group and APT38, cyber actors connected to the DPRK, are accountable for the theft of $620 million in Ethereum reported on March 29th, according to our investigation.
If accurate, they reached their 2021 record in a single operation.
What Caused The Axie Infinity/Ronin Hack?
The hack’s alleged tale is, to put it mildly, hilarious. As reported by The Block:
People claiming to be from the fictitious company approached employees at Axie Infinity developer Sky Mavis earlier this year and encouraged them to apply for jobs, according to the people familiar with the situation.
One of the developers of Sky Mavis received a very generous offer following several rounds of interviews. When he unlocked Pandora’s box, chaos ensued.
The engineer downloaded a PDF document that contained the fake “offer,” which allowed spyware to infiltrate Ronin’s systems. From that point, hackers were able to attack and seize control of four out of the nine validators on the Ronin network, leaving them in control of all validators.
They took control of another entity to carry out the attack. The Axie DAO once permitted Sky Mavis to sign a number of transactions on the company’s behalf. The permissions were still in effect, so the hackers profited from them. The aftermath of the attack is described in the post-mortem by the Ronin bridge’s operators.
“In order to create phony withdrawals, the attacker was able to seize control of five of the nine validator private keys, including four Sky Mavis validators and one Axie DAO. As a result, the Ronin bridge was drained of 173,600 Ethereum and 25.5M USDC in two transactions.”
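The arrangement described above, four Sky Mavis validators plus an Axie DAO signing permission that was never revoked, can be checked for in any threshold-signing setup by asking how few parties must be compromised to reach quorum. The following is an added example, not code from Sky Mavis or Ronin; the validator names, the `operator-*` placeholders and the data layout are assumptions constructed for illustration.

```python
from itertools import combinations

THRESHOLD = 5  # signatures needed to approve a withdrawal (five of nine, per the post-mortem)

# Constructed model: validator -> parties able to make it sign.
# "operator-*" names are placeholders; the page does not name the other four.
VALIDATORS = {
    "sky-mavis-1": {"Sky Mavis"},
    "sky-mavis-2": {"Sky Mavis"},
    "sky-mavis-3": {"Sky Mavis"},
    "sky-mavis-4": {"Sky Mavis"},
    "axie-dao": {"Axie DAO", "Sky Mavis"},  # leftover signing permission
    "operator-a": {"Operator A"},
    "operator-b": {"Operator B"},
    "operator-c": {"Operator C"},
    "operator-d": {"Operator D"},
}


def signatures_reachable(validators, compromised):
    """Count validators that at least one compromised party can make sign."""
    return sum(1 for controllers in validators.values() if controllers & compromised)


def min_parties_for_quorum(validators, threshold):
    """Smallest set of parties whose compromise alone reaches the threshold."""
    parties = sorted(set().union(*validators.values()))
    for size in range(1, len(parties) + 1):
        for combo in combinations(parties, size):
            if signatures_reachable(validators, set(combo)) >= threshold:
                return set(combo)
    return None


def revoke(validators, validator, party):
    """Return a copy of the model with one party's access to one validator removed."""
    updated = {name: set(ctrl) for name, ctrl in validators.items()}
    updated[validator].discard(party)
    return updated


if __name__ == "__main__":
    print("as described:", min_parties_for_quorum(VALIDATORS, THRESHOLD))
    fixed = revoke(VALIDATORS, "axie-dao", "Sky Mavis")
    print("after revoking the stale permission:", min_parties_for_quorum(fixed, THRESHOLD))
```

A result of one party means the nominal five-of-nine threshold offers no more protection than that single organization's own security; revoking the unused permission raises it to two.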
Did the Lazarus crew plan such a Hollywood-style assault? Or does the comedic method of operation point to other offenders?
Coverage Of The Axie Infinity/Ronin Hack In The Past
Let’s turn to historical documentation to wrap up the tale and provide more information. Following the breach, NewsBTC covered Axie Infinity and Sky Mavis’ initial response to the issue:
A $1 million bug bounty program that asks white hat hackers to stress test the blockchain is the most recent action to be announced.
Sky Mavis and Axie’s co-founder and CEO made the following announcement: “Calling all whitehats in the blockchain space. It’s time for the Sky Mavis Bug Bounty program. Earn a bounty of up to $1,000,000 for fatal bugs while assisting us in maintaining the security of the Ronin Network.”
Then, when the upgraded Ronin bridge was once again operational, our sister site Bitcoinist examined its features:
“The new design of the Ronin Bridge has added a new ‘circuit-breaker’ feature in addition to the two independent audits of its smart contracts. This was specifically added to stop malicious actors from copying the prior attack or making use of any potential new attack vector.”
Therefore, it appears that using the Ronin bridge is safe at this time. But prior to the hack, it also seemed secure to use. Be safe online by conducting your own research.