Hackers Used Fake Job Offer to Hack and Steal $540 Million from Axie Infinity

Products You May Like

The $540 million hack of Axie Infinity’s Ronin Bridge in late March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn, it has emerged.

According to a report from The Block published last week citing two people familiar with the matter, a senior engineer at the company was duped into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF.

“After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package,” the Block reported.

The offer document subsequently acted as a conduit to deploy malware designed to breach Ronin’s network, ultimately facilitating one of the crypto sector’s biggest hacks to date.

“Sky Mavis employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised,” the company said in a post-mortem analysis in April.

“This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”

In April 2022, the U.S. Treasury Department implicated the North Korea-backed Lazarus Group in the incident, calling out the adversarial collective’s history of attacks targeting the cryptocurrency sector to gather funds for the hermit kingdom.

Bogus job offers have been long employed by the advanced persistent threat as a social engineering lure, dating back as early as August 2020 to a campaign dubbed by Israeli cybersecurity firm ClearSky as “Operation Dream Job.”


In its T1 Threat Report for 2022, ESET noted how actors operating under the Lazarus umbrella have employed fake job offers through social media like LinkedIn as its strategy for striking defense contractors and aerospace companies.

While Ronin’s Ethereum bridge was relaunched in June, three months after the hack, the Lazarus Group is also suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge.

The findings also come as blockchain projects centered around Web 3.0 have lost more than $2 billion to hacks and exploits in the first six months this year, blockchain auditing and security company CertiK disclosed in a report last week.

Cyber Security

Products You May Like

Articles You May Like

New Study Might Lead to New Therapeutic Approach for Treating Alzheimer’s Disease
New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
Xiaomi Smart TV 5A Pro 32-Inch With Quad-Core CPU, Dolby Audio Launched in India
Apple and Meta headsets could face a big challenge: Sticker shock
Tencent Cuts 5,500 Jobs in First Quarterly Workforce Decline Since 2014 as Revenue Falls

Leave a Reply

Your email address will not be published.