Axie Infinity: Very Complicated Hack via Fake LinkedIn Job Offer

The Axie Infinity hack was due to a fake job posting on LinkedIn. A great example of social engineering.

Axie Infinity was a leading example in the crypto gaming market last year, with a “play to earn” formula reaching at least 2.7 million daily active players last November. But that all came crashing down in March when hackers stole the equivalent of $625 million from the Ethereum-linked Ronin sidechain on which the game is based.

The Axie Infinity hack was due to a fake job posting on LinkedIn.

According to The Block, which cites two separate sources, hackers infiltrated the network of Sky Mavis, the owner of Axie Infinity, by sending spyware-infected PDF files to an employee. This man thought he was accepting a well-paid job offer from another company, a company that never really existed. According to the US government, the North Korean hacker group Lazarus was behind the attack.

“Employees are a constant target of sophisticated spear-phishing attacks on various social channels, and one employee has been compromised,” Sky Mavis explained in a blog post following the hack. “This employee is no longer with Sky Mavis. The attacker was able to use this access to infiltrate the Sky Mavis IT infrastructure and gain access to the verification nodes.”

Great example of social engineering

Axie Infinity resumed operations last week and is still based on the Ronin sidechain, but with enhanced security measures. The company also increased the number of validation nodes from 9 to 11 in April, making it harder for hackers to control the network. (Lazarus accessed 5 nodes to perform this hack, including the Axie DAO node.) It also implements a “kill switch” system to detect large seizures.

Although this hack was carefully planned and required a lot of technical knowledge, it is again based on a classic vulnerability: social engineering.
