{"id":10105,"date":"2022-07-07T18:17:34","date_gmt":"2022-07-07T23:17:34","guid":{"rendered":"http:\/\/blog.jlbn.net\/?p=10105"},"modified":"2022-07-07T18:17:35","modified_gmt":"2022-07-07T23:17:35","slug":"report-540-million-crypto-gaming-hack-made-possible-by-elaborate-phishing-scheme","status":"publish","type":"post","link":"http:\/\/blog.jlbn.net\/?p=10105","title":{"rendered":"Report: $540 Million Crypto Gaming Hack Made Possible By Elaborate Phishing Scheme"},"content":{"rendered":"\n<p><a href=\"https:\/\/kotaku.com\/axie-infinity-nft-crypto-hack-landlord-scholar-pokemon-1848800557\">NFT\u00a0<em>Pok\u00e9mon<\/em>\u00a0clone\u00a0<em>Axie Infinity<\/em><\/a>\u00a0went from being famous for players profiting off its \u201cplay-to-earn\u201d gaming scam to infamous for getting hacked out of $540 million in cryptocurrency. Now according to\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/www.theblock.co\/post\/156038\/how-a-fake-job-offer-took-down-the-worlds-most-popular-crypto-game\" target=\"_blank\">a new report by\u00a0<em>The Block<\/em><\/a>, we know what made the security breach possible: a sophisticated phishing attempt socially engineered on LinkedIn that sounds like a deleted episode of\u00a0<a href=\"https:\/\/gizmodo.com\/mr-robot-is-finally-good-again-1784803656\"><em>Mr. Robot<\/em><\/a>.<\/p>\n\n\n\n<p>For those unfamiliar with the Axie grift, developer Sky Mavis developed an Ethereum-linked sidechain called the Ronin Network and grafted on a game about battling and breeding cute monsters called&nbsp;<em>Axie Infinity<\/em>. Borrowing mechanics from the likes of&nbsp;<em>Pok\u00e9mon<\/em>,&nbsp;<em>Neopets<\/em>, and&nbsp;<em>Hearthstone<\/em>, players were invited to earn Ethereum-based cryptocurrencies in-game by grinding, and for a while it was turning a huge profit as fresh players poured their time and money into the platform. 
Then earlier this year the enterprise&nbsp;<a href=\"https:\/\/kotaku.com\/axie-infinity-crypto-crash-smooth-love-potion-token-val-1848920116\">hit all sorts of snags<\/a>, from stagnating growth to currency inflation and, not least of all, one of the&nbsp;<a href=\"https:\/\/kotaku.com\/crypto-axie-infinity-scam-exploit-blockchain-ethereum-n-1848721147\">biggest crypto hacks of all time<\/a>.<\/p>\n\n\n\n<p>Developer Sky Mavis revealed back in April that the security breach was made possible by an employee who was \u201ccompromised\u201d by an \u201cadvanced spear-phishing attack.\u201d \u201cThe attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes,\u201d the company\u00a0<a href=\"https:\/\/kotaku.com\/crypto-axie-infinity-scam-exploit-blockchain-ethereum-n-1848721147\">wrote at the time<\/a>.<\/p>\n\n\n\n<p><a href=\"https:\/\/www.theblock.co\/post\/156038\/how-a-fake-job-offer-took-down-the-worlds-most-popular-crypto-game\" rel=\"noreferrer noopener\" target=\"_blank\"><em>The Block<\/em>&nbsp;now reports<\/a>, based on two sources with direct knowledge of the incident, that the employee in question was a senior engineer on&nbsp;<em>Axie Infinity<\/em>&nbsp;and the means of infiltrating their computer was a job offer that was too good to be true.<\/p>\n\n\n\n<p>According to\u00a0<em>The Block<\/em>, fraudsters representing a fake company approached the engineer through LinkedIn, encouraged them to apply for a job, held\u00a0<em>multiple<\/em>\u00a0rounds of interviews, and eventually made a job offer that included an \u201cextremely generous compensation package.\u201d But the offer was contained in a PDF file.<\/p>\n\n\n\n<p>After the mark downloaded it, spyware was reportedly able to infiltrate the Ronin Network\u2019s systems and grant hackers access to four of the five nodes (out of nine total) they needed to cash out. 
Access to the fifth was obtained through something called the Axie DAO\u2014a separate organization which Sky Mavis had enlisted to help with the influx of transactions during the height of&nbsp;<em>Axie Infinity<\/em>\u2019s popularity. Sky Mavis had failed to remove DAO\u2019s access from its systems after its help was no longer needed.<\/p>\n\n\n\n<p>One of the much-heralded appeals of blockchain technology is its ability to make databases public and accessible to all while still keeping them secure. But any locked door, no matter how strong, is only as secure as the person holding the key to it. Here with\u00a0<em>Axie Infinity<\/em>, the vulnerability of Sky Mavis\u2019 employees was compounded by careless shortcuts it took to stay on top of the game\u2019s meteoric growth last fall. (Sky Mavis has since increased its total validator nodes to 11, with long-term plans to have over 100.)<\/p>\n\n\n\n<p>Of course, in the meantime the company still needs to pay back everyone who lost money in the hack. In April, it\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/www.vice.com\/en\/article\/4awmqg\/crypto-firms-come-together-to-bail-out-axie-infinity-after-dollar624m-hack\" target=\"_blank\">raised another $150 million<\/a>, partly in a bid to make its existing playerbase whole again. That same month, the\u00a0<a href=\"https:\/\/gizmodo.com\/fbi-says-north-korea-behind-biggest-crypto-theft-in-his-1848797691\">FBI identified North Korean hackers \u201cLazarus Group\u201d<\/a>\u00a0as the culprits behind the\u00a0<em>Axie Infinity<\/em>\u00a0hit. 
The federal law enforcement agency also recently\u00a0<a href=\"https:\/\/gizmodo.com\/north-korea-hackerkim-jung-un-dprk-fbi-1848937132\">warned companies against accidentally hiring North Korean hackers<\/a>\u00a0as remote IT specialists.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>NFT\u00a0Pok\u00e9mon\u00a0clone\u00a0Axie Infinity\u00a0went from being famous for players profiting off its \u201cplay-to-earn\u201d gaming scam to infamous for getting hacked out of<\/p>\n","protected":false},"author":1,"featured_media":10106,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3423,254,3421,3424],"tags":[3426,1142,3087,888,3427],"_links":{"self":[{"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/posts\/10105"}],"collection":[{"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10105"}],"version-history":[{"count":1,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/posts\/10105\/revisions"}],"predecessor-version":[{"id":10107,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/posts\/10105\/revisions\/10107"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=\/wp\/v2\/media\/10106"}],"wp:attachment":[{"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10105"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10105"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.jlbn.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10105"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}