KEY POINTS

  • N. Korean hacking group Lazarus is said to be the culprit behind the hack
  • The hack amounted to approximately $540 million
  • A senior engineer at "Axie Infinity" was reportedly tricked into applying for a fake job

The "Axie Infinity" Ronin Bridge hack, which cost approximately $540 million, is considered the Ethereum ecosystem's biggest loss this year and caused the world's most popular NFT-based online game to lose many players. But while many think the multi-million hack used sophisticated and complex technology, apparently, all it took was a fake job offer.

A senior engineer at "Axie Infinity" was reportedly tricked into applying for a job that actually did not exist, The Block reported. People allegedly posed as representatives of a fake company and approached staff at "Axie Infinity" in the early part of 2022, enticing them to apply for jobs.

The "approaches" were apparently made via LinkedIn, a professional networking site, the report said. Following a series of interviews, a senior engineer at developer Sky Mavis received an offer with a handsome compensation package.

In-game assets called 'Axies' are seen in this undated handout image from the blockchain-based game Axie Infinity, which is owned by Sky Mavis. Sky Mavis/Handout via REUTERS
In-game assets called 'Axies' are seen in this undated handout image from the blockchain-based game Axie Infinity, which is owned by Sky Mavis. Sky Mavis/Handout via REUTERS Reuters / Sky Mavis

The said offer was sent via a pdf document, which the recipient downloaded and enabled the hackers' spyware to get into the "Axie Infinity" system. With the spyware in place, malicious actors, which the U.S. government later identified as the North Korean group Lazarus, took over four of nine validators of the Ronin network, leaving them one validator short of full control.

In a blog released by Sky Mavis following the hack, it confirmed that the compromised employee no longer works with them. Its statement also aligned with what sources who disclosed the details of the hack said.

"The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes," the development team reported. "At the time, Sky Mavis controlled 4/9 validators, which would not be enough to forge withdrawals," it noted.

"The validator key scheme is set up to be decentralized so that it limits an attack vector, similar to this one, but the attacker found a backdoor through our gas-free RPC node, which they abused to get the signature for the Axie DAO validator," Sky Mavis explained in a blog post published in April.

Following the hack, Sky Mavis increased the number of validator nodes to 11 and noted that one of its long-term goals is to have over 100 validator nodes.

RELATED STORIES