.png){kind=logo}
The blockchain of high-profile crypto game Axie Infinity was reportedly hacked with an elaborate phishing scheme involving fake LinkedIn job offers. The Block reported the news today, citing two sources with knowledge of the incident. It revealed a new dimension to one of the biggest decentralized finance, or DeFi, hacks to date.
According to The Block which cited two anonymous sources with knowledge of the incident, multiple employees working for Sky Mavis were approached by hackers who were posing as job recruiters on Linkedin. When one senior engineer took the bait after attending multiple interviews, he was presented with an "extremely generous" fake compensation package.
This compensation package was delivered to him via a PDF file, which allowed spyware to infiltrate the Ronin servers and gain access to four out of the nine Ronin validator nodes, which left them just one short of taking over the network. They also used a separate organization named the Axie DAO (Decentralized Autonomous Organization) to gain access to the fifth node and obtain full control of Ronin.
They then drained Sky Mavis' treasury of Ethereum and USDC cryptocurrency, worth about US$625 million at the time. This money is yet to be recovered from the hackers-who are suspected to be North Korean hacker group Lazarus by the U.S. government.
Sky Mavis has previously disclosed that the employee who compromised Sky Mavis' IT infrastructure and the Ronin Validators was no longer working in the company.
Following the hack, Sky Mavis raised US$150 million in April to reimburse players who lost money due to this exploit. The company has also restarted the Ronin bridge, with stricter security measures, which include the addition of a circuit-breaker for large-scale transactions and an increase in the number of Ronin validator nodes, boosting it to 11.
According to surveillance firm Chainalysis, North Korea-sponsored hackers stole over US$400M in 2021 alone. And according to the FBI, they're responsible for the Axie Infinity/Ronin hack. The alphabet agency traced the funds to wallets associated with North Korean hacking group Lazarus. Does The Block's article complete or negate this version of the story? It's hard to see North Koreans pulling a stunt quite like this.
In any case, at the time the FBI was extremely clear in a statement quoted here: "Through our investigation, we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th."
Axie Infinity is a blockchain-based trading and battling game that is partially owned and operated by its players. Inspired by popular games like Pokémon and Tamagotchi, Axie Infinity allows players to collect, breed, raise, battle, and trade token-based creatures known as Axies.
These Axies can take various forms, and there are more than 500 different body parts available, including aquatic, beast, bird, bug, plant, and reptile parts. Parts from each type class come in four different rarity scales: common, rare, ultra-rare, and legendary — and Axies can have any combination of body parts, making them highly variable and often rare and unique.
Each Axie is a non-fungible token (NFT) with different attributes and strengths and can be entered into 3v3 battles, with the winning team earning more experience (exp) points that are used to level up an Axie's stats or evolve their body parts. These Axies can be bred together to produce new and unique offspring, which can be used or sold on the Axie marketplace.
The Axie Infinity ecosystem also has its own unique governance token, known as Axie Infinity Shards (AXS). These are used to participate in key governance votes and will give holders a say in how funds in the Axie Community Treasury are spent.
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.
