Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

The $540 million hack of Axie Infinity’s Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.

According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF.

“After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package,” The Block reported.

The offer document subsequently acted as a conduit to deploy malware designed to breach Ronin’s network, ultimately facilitating one of the crypto sector’s biggest hacks to date.

“Sky Mavis employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised,” the company said in a post-mortem analysis in April.

“This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”

In April 2022, the U.S. Treasury Department implicated the North Korea-backed Lazarus Group in the incident, calling out the adversarial collective’s history of attacks targeting the cryptocurrency sector to gather funds for the hermit kingdom.

Bogus job offers have long been employed by the advanced persistent threat as a social engineering lure, dating back as early as August 2020 to a campaign dubbed by Israeli cybersecurity firm ClearSky as “Operation Dream Job.”

In its T1 Threat Report for 2022, ESET noted how actors operating under the Lazarus umbrella have employed fake job offers through social media like LinkedIn as their strategy for striking defense contractors and aerospace companies.

While Ronin’s Ethereum bridge was relaunched in June, three months after the hack, the Lazarus Group is also suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge.

The findings also come as blockchain projects centered around Web 3.0 have lost more than $2 billion to hacks and exploits in the first six months of this year, blockchain auditing and security company CertiK disclosed in a report last week.

