The Axie Infinity hack is said to have been made possible by an attempt to poach employees, followed by a job offer sent as a PDF file.
The Block reports, citing two anonymous sources “with direct knowledge of the matter”, that at the beginning of the year employees of Sky Mavis Inc., the developer of the play-to-earn video game Axie Infinity, received job offers via LinkedIn from a fake company. After several rounds of applications, a Sky Mavis executive received an extremely generous offer in the form of a spyware-laced PDF file. As reported by The Block, the company lost more than 600 million dollars in March, also through exploitation of this spyware.
Employee fell for imaginary job offer
The game developer downloaded the PDF file with the job offer to his computer. As a result, spyware was able to infiltrate Ronin’s systems. Hackers managed to attack and take over four out of nine validators in the Ronin network. Sky Mavis released on 09. A blog post about the hack announced on April 20:
“Employees are constantly exposed to advanced spear phishing attacks on various social channels. An employee was compromised. He no longer works at Sky Mavis. The attacker managed to use this access to penetrate Sky Mavis’ IT infrastructure and gain access to the validation nodes.”
Hackers took control and launched the raid
To complete the attack, the hackers finally also took control of the last node necessary for the attack via the Axie DAO. The permissions for this were still valid and the hackers exploited them. Sky Mavis stated:
“The attacker managed to gain control of five of the nine validator private keys – 4 Sky Mavis validators and 1 Axie DAO – to initiate withdrawals. This led to 173,600 Ether and 25.5 million USDC stablecoin being removed from the Ronin Bridge in two transactions.”
The blockchain analysis company Elliptic clarified in a blog post:
“Funds may be moved if five of the nine reviewers approve. The attacker managed to obtain the private cryptographic keys of five of the validators, which was enough to steal the cryptoassets.”
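The 5-of-9 rule quoted above only protects funds if no single party can produce five signatures. The following audit sketch is an added example, not code from Sky Mavis or Ronin: the validator ids, the `operator-*` names and the modelling of the still-valid Axie DAO permission as a delegation to Sky Mavis are assumptions made for illustration.

```python
from collections import defaultdict
from itertools import combinations

THRESHOLD = 5  # approvals needed to move funds (5 of 9, as quoted above)

# Constructed custody map: validator id -> party holding its private key.
# Only "4 Sky Mavis validators and 1 Axie DAO" come from the article; the
# validator ids and the operator-* names are hypothetical placeholders.
KEY_HOLDERS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO",
    "v6": "operator-A", "v7": "operator-B", "v8": "operator-C", "v9": "operator-D",
}
# Signing permissions granted to another party: (validator, delegate).
# Assumption: models the Axie DAO permission that was still valid.
STALE_DELEGATIONS = [("v5", "Sky Mavis")]


def signing_reach(holders, delegations):
    """Map each party to the validators whose signature it can produce."""
    reach = defaultdict(set)
    for validator, owner in holders.items():
        reach[owner].add(validator)
    for validator, delegate in delegations:
        if validator not in holders:
            raise ValueError(f"delegation for unknown validator {validator!r}")
        reach[delegate].add(validator)
    return dict(reach)


def single_points_of_compromise(holders, delegations, threshold=THRESHOLD):
    """Parties whose compromise alone yields at least `threshold` signatures."""
    reach = signing_reach(holders, delegations)
    return sorted(p for p, vals in reach.items() if len(vals) >= threshold)


def min_parties_to_threshold(holders, delegations, threshold=THRESHOLD):
    """Smallest number of parties whose combined reach meets the threshold."""
    reach = signing_reach(holders, delegations)
    for size in range(1, len(reach) + 1):
        for group in combinations(reach, size):
            if len(set().union(*(reach[p] for p in group))) >= threshold:
                return size
    return None  # threshold exceeds the number of validators


if __name__ == "__main__":
    for label, delegs in (("stale permission", STALE_DELEGATIONS), ("revoked", [])):
        print(label, single_points_of_compromise(KEY_HOLDERS, delegs),
              min_parties_to_threshold(KEY_HOLDERS, delegs))
```

With the delegation in place one organisation reaches the threshold on its own; once it is revoked, at least two independent parties have to be compromised.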
Axie Infinity uses the Ronin Network, a “sidechain” developed specifically for the game by Vietnamese studio Sky Mavis. This allows users to access the Ethereum blockchain without paying many of the standard transaction fees to enable digital currency transfers in and out of the Axie Infinity game. Players can thus receive crypto in exchange for playing and paying some startup costs.
Axie Infinity had 2.5 million active users
The Axie Infinity online game is a Pokémon-like video game that uses non-fungible tokens (NFTs). Players engage in battles with colorful blob-like cartoon axolotls. The digital monsters, called “Axies”, are linked to NFTs. Players can breed, train, buy or sell these unique pieces of digital art.
Players can earn cryptocurrency in-game, which can then be traded outside of the game on some cryptocurrency exchanges. According to the developer, the game has 2.5 million active users every day. It is also said to be the largest NFT collection ever, according to NFT market tracker CryptoSlam. In year 173 alone, $3.5 billion in NFTs flowed through Axie Infinity, according to Business Insider India.
Sky Mavis Refund
According to the FBI, an investigation revealed that the hack of Axie Infinity, which is now considered one of the largest crypto thefts in history, was the work of the Lazarus Group. Sky Mavis, meanwhile, stated that it would use a combination of its own balance sheet funds and 09 millions of dollars from investors, including Binance, to refund the lost money to the players.