A recent investigation by The Block has revealed that a fake LinkedIn job offer was the root cause of Axie Infinity’s $600 million hack. While the US government initially attributed the attack to the North Korean hacker group Lazarus, specific details of how the exploit was carried out were not disclosed.
According to sources familiar with the situation, a senior engineer at Axie Infinity named Sky Mavis fell victim to the scam after being lured into applying for a non-existent job through LinkedIn. After successfully passing multiple interviews, Mavis was offered a position with an enticing compensation package. However, the offer contained a malicious PDF file that, once opened, deployed spyware onto Ronin, the Ethereum-linked sidechain that Axie Infinity operates on.
The spyware enabled hackers to take control of four out of nine validators on the Ronin network, allowing them to carry out the massive hack. Glasswall CEO Danny Lopez emphasized the importance of proactive cybersecurity measures, such as Content Disarm and Reconstruction (CDR) technology, in preventing such attacks.
CDR technology ensures that all files entering an organization’s IT environment undergo a thorough inspection to remove any potentially harmful code. This proactive approach helps create a secure digital environment where threats cannot exist, allowing for seamless operations without compromising productivity or security.
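An added example (not from the article or from Glasswall) of the inspection step described above: it scans a PDF's raw bytes for name keys that trigger or carry active content, decoding `#xx` name escapes so that obfuscated keys are still caught. The key list, verdict strings and sample bytes are assumptions constructed for illustration, and names inside compressed object streams are not seen by this check.

```python
import re

# PDF name keys that trigger or carry active content (assumed triage list).
ACTIVE_KEYS = ("JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile")

# A PDF name is "/" followed by regular characters; "#xx" is a hex escape.
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\x0c\r ()<>\[\]{}/%#])+)")

# Constructed samples: a catalog with an obfuscated open action, and a clean one.
SAMPLE = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R "
          b"/OpenAction << /S /J#61vaScript /JS (placeholder) >> >>\nendobj\n"
          b"%%EOF\n")
CLEAN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    plain = re.sub(rb"#([0-9A-Fa-f]{2})",
                   lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def active_content(pdf_bytes: bytes) -> dict:
    """Count active-content keys found anywhere in the uncompressed bytes."""
    counts = {}
    for m in NAME_RE.finditer(pdf_bytes):
        name = decode_name(m.group(1))
        if name in ACTIVE_KEYS:
            counts[name] = counts.get(name, 0) + 1
    return counts


def verdict(pdf_bytes: bytes) -> str:
    """Gate decision: reject non-PDFs, quarantine PDFs with active content."""
    if not pdf_bytes.lstrip().startswith(b"%PDF-"):
        return "reject: not a PDF"
    found = active_content(pdf_bytes)
    return "quarantine: " + ", ".join(sorted(found)) if found else "pass"


if __name__ == "__main__":
    for label, data in (("sample", SAMPLE), ("clean", CLEAN)):
        print(label, "->", verdict(data))
```

A full CDR pipeline would go on to rebuild the document without the flagged elements; this check only decides which files need that treatment.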
The revelation about Sky Mavis comes in the wake of the US Treasury’s sanctioning of cryptocurrency mixing service Blender.io, which was allegedly used by North Korean hackers in the Ronin hack. This incident serves as a stark reminder of the dangers posed by sophisticated cyberattacks and the critical need for robust cybersecurity measures in the digital age.