Elain Brown Games 07.13.2022 05:Jul AM EDT

Axie Infinity Lost $620 Million to Hackers Who Started a Fake Job Offer

Axie Infinity suffered a massive breach that led to a $620 million crypto loss.

The hack happened on March 23, 2022 but was only discovered days later by the Sky Mavis team on March 29.

The former system of the company did not have a good tracking system for monitoring huge outflows from the bridge, hence the breach wasn't noticed right away.

The attacker was successful in gaining possession of five of the nine validator private keys in order to fabricate false withdrawals.

This included four Sky Mavis validators and one Axie DAO validator. As a consequence of this, 173,600 ETH and 25.5 million USDC were removed from the Ronin bridge across two separate transactions.

Axie Infinity Hack: How it Happened

Axie Infinity admitted and released a blog that thoroughly explained how that massive hacking was made possible in their system.

According to BleepingComputer, the threat actors made contact with employees at Sky Mavis through LinkedIn, pretending to be a company that was hiring employees.

One of the senior engineers working for Axie Infinity expressed interest in the phony job offer owing to the extremely lucrative salary. The engineer applied and went through several rounds of interviews for the position.

After a long series of interviews, the engineer applying for the position was given a PDF file that contained information regarding the project.

Unknowingly, the document was the hackers' entry point into the Ronin systems, which is the Ethereum-linked sidechain that provides support for the online NFT video game Axie Infinity.

After downloading and opening the file on the computer provided by the fake hiring company, it started a chain reaction that resulted in an infection that allowed the hackers to break into Ronin's systems and corrupt one Axie DAO validator and four token validators.

The Axie Infinity hack was discovered by the FBI to be caused by the state-sponsored group of malicious threat actors from North Korea, named Lazarus Group.

Axie Infinity's Refund

Axie Infinity employees are vulnerable to spear-phishing and social engineering attacks on a lot of social platforms. And that has been proven true with this crypto hacking.

The hack happened because there was a vulnerability in the validator nodes, Axie Infinity stated that for the hack not to happen again, they will be increasing the validating nodes on the Ronin Network.

Again, during the breach, the company only had nine validator nodes. However, the company stated that they have added three more validator nodes.

The NFT game also stated that in the next three months, they plan to reach 21 validator nodes and a long-term plan of having 100.

To prevent the company from being hacked again, they stated that part of their security plan is to deploy even stricter internal procedures.

They are conducting a thorough examination of the entirety of the security system, including all of their internal processes.

Axie Infinity stated, "We are putting a strong emphasis on security for all employees which includes more robust training courses to combat external threats and the use of work-only devices to further mitigate risks."

As reported by The Block, Sky Mavis completed a funding round that brought in $150 million and was led by Binance.

The profits from the exploit will be used, together with the company's own finances, to compensate users who were negatively impacted by the vulnerability.

A recent announcement made by the firm stated that it would begin giving people back their money on June 28.