Axie Infinity hosts over 3 million traders of in-game NFTs and is one of the most popular games of its kind. However, attackers were able to breach the system using a spear-phishing attack. A report from The Block says attackers – thought to be linked to North Korea – stole $540 million in cryptocurrency. The attack happened on March 23rd, when the group was able to take private keys associated with four validator nodes. Those nodes were running on the Ronin Network, the blockchain that Axie runs on. Ronin has nine validators and the attackers took control of five, giving them majority control of the network. With that control, the threat actors could effectively write checks to themselves. That allowed them to steal 25.5 million USD Coin and 173,600 Ethereum, worth a total of $540 million.
Recruitment Phishing Campaign
The attackers gained access through a recruitment phishing scam that tricked senior officials into applying for jobs that didn’t exist. According to The Block, this phishing campaign was successful, granting the attackers access. “According to two people with direct knowledge of the matter, who were granted anonymity due to the sensitive nature of the incident, a senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist. After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package. The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total control.”