Elaborate hack of ‘Axie Infinity’ tied to fake LinkedIn job offer
Axie Infinity was the prime example of crypto gaming last year, when its play-to-earn formula helped it reach up to 2.7 million daily active users last November. But that all came crashing down in March, when hackers stole $625 million from the Ethereum-linked Ronin sidechain powering the game. Now, it turns out, the source of that hack came from an unlikely source: A fake job offer from LinkedIn.
As The Block reports (via The Verge) based on two sources, the hackers infiltrated Axie Infinity owner Sky Mavin’s network by sending a spyware-filled PDF to one employee. That person thought they were accepting a high-paying job from another firm, but it turns out that company never existed. According to the US government, North Korean hacker group Lazarus was behind the attack.
“Employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised,” Sky Mavis noted in a post-mortem blog post following the hack. “This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”
Axie Infinityspun back up last week, and it’s still relying on the …read more