The $540 million hack of Axie Infinity’s Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.
A report by The Block, citing two people familiar with the matter, said that a senior engineer at the company was tricked into applying for a job with a nonexistent company. The individual downloaded a fake offer document disguised as a PDF.
The Block reported that the Sky Mavis engineer was offered the job after what one source described as multiple rounds of interviews.
The offer document was used to deliver malware that compromised the engineer's machine and, from there, Ronin's network. The result was one of the largest thefts in the crypto sector's history.
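A disguised "offer document" of the kind described above can often be caught before it is opened by comparing what the file name claims with what the first bytes of the file actually are. The following triage check is an added example written for this page; it is not code from The Block, Sky Mavis or Ronin, and the signature table, the list of executable extensions and the sample files are all constructed assumptions. It flags mismatched magic bytes, double extensions such as `offer.pdf.exe`, and the Unicode right-to-left-override trick that makes `offer‮fdp.exe` display as `offerexe.pdf`.

```python
"""Triage check: does a 'document' really contain what its name claims?

Added example for this page (not Sky Mavis/Ronin code). The signature
table and executable-extension list are assumptions chosen for the demo.
"""
import os

# Leading magic bytes -> content type (assumed table, not exhaustive).
SIGNATURES = {
    b"%PDF-": "pdf",
    b"MZ": "exe",                                   # PE / DOS executable
    b"PK\x03\x04": "zip",                           # ZIP, also .docx/.xlsx containers
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole",     # legacy .doc/.xls, .msi
    b"L\x00\x00\x00\x01\x14\x02\x00": "lnk",        # Windows shortcut (.lnk)
}

# What content type a given final extension should carry.
EXTENSION_EXPECTS = {
    ".pdf": {"pdf"},
    ".docx": {"zip"},
    ".xlsx": {"zip"},
    ".doc": {"ole"},
    ".xls": {"ole"},
    ".zip": {"zip"},
}

# Extensions that run code when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".lnk", ".js", ".vbs", ".bat", ".cmd", ".hta", ".msi"}

RLO = "\u202e"  # Unicode RIGHT-TO-LEFT OVERRIDE


def detect_type(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def assess(filename: str, data: bytes) -> list:
    """Return a list of human-readable findings; an empty list means no red flags."""
    findings = []
    base = os.path.basename(filename)

    if RLO in base:
        findings.append("right-to-left override in file name")

    parts = base.lower().split(".")
    exts = ["." + p for p in parts[1:]]
    last = exts[-1] if exts else ""
    if len(exts) >= 2 and last in EXECUTABLE_EXTS:
        findings.append(f"double extension ending in executable type {last}")

    kind = detect_type(data)
    expected = EXTENSION_EXPECTS.get(last)
    if expected is not None and kind not in expected:
        findings.append(f"extension {last} but content is {kind}")
    if kind == "exe":
        findings.append("content is a PE/DOS executable")
    return findings


# Constructed sample files: only the first bytes matter for this check.
SAMPLES = {
    "offer_genuine.pdf": b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n",
    "offer_fake.pdf": b"MZ\x90\x00\x03\x00\x00\x00",
    "offer.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "offer" + RLO + "fdp.exe": b"MZ\x90\x00\x03\x00\x00\x00",
    "offer_old_format.docx": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8,
    "offer_genuine.docx": b"PK\x03\x04\x14\x00\x06\x00",
    "offer_shortcut.lnk": b"L\x00\x00\x00\x01\x14\x02\x00",
}


def run_samples() -> dict:
    """Assess every constructed sample and return name -> findings."""
    return {name: assess(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in run_samples().items():
        status = "OK " if not findings else "BAD"
        print(f"{status} {name!r}: {findings}")
```

This is a triage filter, not a verdict: a file that passes can still be a genuine PDF or Office document carrying an exploit, a macro, or a link to a second-stage download, which is why such attachments still belong in a sandbox rather than on an engineer's workstation that holds production credentials.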
“Sky Mavis employees are constantly under advanced spear-phishing attack on different social channels, and one employee was compromised,” the company stated in its April post-mortem.
Sky Mavis has since terminated the employee. The attacker used that access to penetrate Sky Mavis' IT infrastructure and, from there, reach the bridge's validator nodes. Ronin withdrawals required signatures from five of nine validators; according to the post-mortem, the attacker obtained the keys of the four validators run by Sky Mavis plus that of the Axie DAO validator, which Sky Mavis had been allowlisted to sign for, and was therefore able to authorize the fraudulent withdrawals.
In April 2022, the U.S. Treasury Department implicated the North Korea-backed Lazarus Group in the incident, calling out the adversarial collective’s history of attacks targeting the cryptocurrency sector to gather funds for the hermit kingdom.
Advanced persistent threats have long used bogus job offers as social engineering bait. A prominent example is the campaign ClearSky documented in August 2020 under the name “Operation Dream Job.”
ESET’s T1 2022 Threat Report noted that actors under the Lazarus umbrella used fake job offers sent over social media such as LinkedIn to target defense contractors and aerospace firms.
Ronin’s Ethereum bridge was relaunched in June, three months after the hack. The Lazarus Group is also suspected of being behind the recent theft of $100 million worth of altcoins from the Harmony Horizon Bridge.
These findings are also significant given that Web 3.0-focused blockchain projects have lost more than $2B to hacks and exploits in the first six months of this year, according to CertiK, a blockchain auditing and security firm.