The world’s largest crypto scam started with a fake job offer
In March this year, $620 million worth of cryptocurrency was stolen from the online game Axie Infinity. While investigative agencies have not fully revealed how this was done, it appears that it all started with a fake job offer.
Developed by Vietnamese studio Sky Mavis, Axie Infinity is a strategy-based online video game that lets users grow and trade digital pets called Axies. The game uses Ethereum-based cryptocurrencies in its in-game economy. At its peak, it boasted 2.7 million daily active users and $214 million in weekly trading volume, The Block reported.
In March, hackers gained access to the Ronin blockchain, which Axie Infinity uses for its cryptocurrency transactions, and made off with 173,600 ether and 25.5 million USDC, a stablecoin. Based on the market value of the cryptocurrency at the time, the theft was estimated at $620 million, the largest ever.
It all started with a fake job offer
According to The Block's report, employees at Sky Mavis were contacted via LinkedIn and encouraged to apply for jobs. Applicants went through several rounds of interviews, but the people conducting them represented companies that did not exist.
Finally, a senior engineer at Sky Mavis was offered a job with an extremely generous compensation package, and a PDF copy of the offer letter was sent to the employee, who downloaded it. Unknown to the employee at the time, the PDF also contained spyware that allowed the hackers to infiltrate Ronin's systems and gain control of four validators on the Ronin network, as the company described in its post-mortem report on the incident.
Ronin uses a "proof-of-authority" system to validate transactions on the network. Prior to the attack, nine validators were able to sign transactions to be added to the blockchain. The spyware attack gave the hackers control of four such validators, but they needed one more signature to carry out the theft.
That fifth signature came courtesy of Axie Infinity's own management, which had sought help from the Axie DAO (decentralized autonomous organization) to cope with a heavy transaction load in November 2021. The DAO served as an additional validator on the network for a month, but its access was never revoked. Once the hackers were inside Sky Mavis' systems, they also gained access to the DAO validator and used its signing authority to complete the theft.
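To make the threshold mechanics concrete, here is an added simulation (not code from the article, Sky Mavis or Ronin) of a five-of-nine validator approval check. It assumes nine validator keys, one of which belongs to the DAO under a temporary grant; the keys, the grant expiry date and the withdrawal date are constructed, and HMAC stands in for real validator signatures. Enforcing the expiry on the DAO's grant is the mitigation the article's narrative implies: with it, four compromised keys plus the stale DAO key no longer reach the threshold.

```python
import hmac
import hashlib
from datetime import date

# Constructed sample keys for the simulation; eight regular validators plus the DAO.
VALIDATOR_KEYS = {f"ronin_{i}": f"constructed-key-{i}".encode() for i in range(1, 9)}
VALIDATOR_KEYS["axie_dao"] = b"constructed-key-dao"
# Assumption: the DAO's November 2021 grant should have lapsed after a month.
GRANT_EXPIRY = {"axie_dao": date(2021, 12, 31)}
THRESHOLD = 5  # five of nine signatures, as the article's "four plus one more" implies

def sign(validator, message):
    """Simulated validator signature (HMAC stands in for a real keypair)."""
    return hmac.new(VALIDATOR_KEYS[validator], message, hashlib.sha256).hexdigest()

def approve_withdrawal(message, signatures, today, enforce_expiry):
    """True only if THRESHOLD distinct, currently authorised validators signed."""
    valid_signers = set()  # a set, so a replayed signature counts only once
    for validator, sig in signatures:
        key = VALIDATOR_KEYS.get(validator)
        if key is None:
            continue  # unknown signer
        expiry = GRANT_EXPIRY.get(validator)
        if enforce_expiry and expiry is not None and today > expiry:
            continue  # temporary grant has lapsed: signature is not authoritative
        expected = hmac.new(key, message, hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, sig):
            valid_signers.add(validator)
    return len(valid_signers) >= THRESHOLD

def simulate_incident(enforce_expiry):
    """Four compromised validator keys, then the stale DAO key added on top.
    Returns (approved_with_four, approved_with_four_plus_dao)."""
    msg = b"bridge withdrawal: 173600 ETH, 25.5M USDC"
    when = date(2022, 3, 15)  # constructed date in March 2022
    compromised = ["ronin_1", "ronin_2", "ronin_3", "ronin_4"]
    sigs = [(v, sign(v, msg)) for v in compromised]
    four_only = approve_withdrawal(msg, sigs, when, enforce_expiry)
    sigs.append(("axie_dao", sign("axie_dao", msg)))
    with_dao = approve_withdrawal(msg, sigs, when, enforce_expiry)
    return four_only, with_dao

if __name__ == "__main__":
    print("grant never revoked:", simulate_incident(enforce_expiry=False))
    print("grant expiry enforced:", simulate_incident(enforce_expiry=True))
```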
Who did it?
Investigations by US authorities have linked the theft to the North Korea-backed Lazarus Group. The Block also reported that an investigation by an Internet security company found that the Lazarus Group had likewise used WhatsApp and LinkedIn to pose as recruiters and target aviation and defense contractors.
Earlier this year, a report submitted to the UN revealed that North Korea uses stolen crypto to fund its weapons development program. To do so, it relies on other crypto market participants who help move the stolen funds in ways that obscure their origin.
In May, the US Treasury Department sanctioned Blender.io, a virtual currency mixer that was allegedly involved in laundering more than $20.5 million of the cryptocurrency stolen from Axie Infinity, Business Insider reported.