The $540 million hack of Axie Infinity’s Ronin Bridge[1]
in late March 2022 was the consequence of one of its former
employees getting tricked by a fraudulent job offer on LinkedIn, it
has emerged.
According to a report from The Block[2]
published last week citing two people familiar with the matter, a
senior engineer at the company was duped into applying for a job at
a non-existent company, causing the individual to download a fake
offer document disguised as a PDF.
“After what one source described as multiple rounds of
interviews, a Sky Mavis engineer was offered a job with an
extremely generous compensation package,” the Block reported.
The offer document subsequently acted as a conduit to deploy
malware designed to breach Ronin’s network, ultimately facilitating
one of the crypto sector’s biggest hacks to date.
“Sky Mavis employees are under constant advanced spear-phishing
attacks on various social channels and one employee was
compromised,” the company said[3]
in a post-mortem analysis in April.
“This employee no longer works at Sky Mavis. The attacker
managed to leverage that access to penetrate Sky Mavis IT
infrastructure and gain access to the validator nodes.”
In April 2022, the U.S. Treasury Department implicated the North
Korea-backed Lazarus Group in the incident, calling out the
adversarial collective’s history of attacks targeting the
cryptocurrency sector to gather funds for the hermit kingdom.
Bogus job offers have long[4]
been employed[5]
by the advanced persistent threat as a social engineering lure,
dating back as early as August 2020 to a campaign dubbed by Israeli
cybersecurity firm ClearSky as “Operation Dream Job.”
In its T1 Threat Report for 2022[6], ESET noted how actors
operating under the Lazarus umbrella have employed fake job offers
through social media like LinkedIn as their strategy for striking
defense contractors and aerospace companies.
While Ronin’s Ethereum bridge was relaunched in June, three
months after the hack, the Lazarus Group is also suspected to be behind[7]
the recent $100 million altcoin theft from Harmony Horizon
Bridge.
The findings also come as blockchain projects centered around
Web 3.0 have lost more than $2 billion[8]
to hacks and exploits in the first six months of this year, blockchain
auditing and security company CertiK disclosed[9]
in a report last week.
References
- [1] Ronin Bridge (thehackernews.com)
- [2] The Block (www.theblock.co)
- [3] said (roninblockchain.substack.com)
- [4] long (thehackernews.com)
- [5] employed (thehackernews.com)
- [6] T1 Threat Report for 2022 (www.welivesecurity.com)
- [7] suspected to be behind (thehackernews.com)
- [8] more than $2 billion (www.theblock.co)
- [9] disclosed (www.theverge.com)
Read more https://thehackernews.com/2022/07/hackers-used-fake-job-offer-to-hack-and.html