Fake job offer via LinkedIn used to hack and steal $540M from Axie Infinity


The attackers have stolen roughly 173,600 Ethereum and 25.5 million USDC.

Threat actors used a fake job offer on LinkedIn to target an employee at Axie Infinity that resulted in the theft of $540 Million in cryptocurrency. The perpetrators of the crime are believed to be an advanced persistent threat group with ties to North Korea.

In March, threat actors stole almost $540 million in Ethereum and USD Coin (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The Ronin Network is an Ethereum-linked sidechain used for the blockchain game Axie Infinity.

The attackers have stolen roughly 173,600 Ethereum and 25.5 million USDC. The Ronin bridge and Katana Dex have been halted following the attack.

Axie Infinity disclosed the security breach through the official Discord and Twitter accounts, and by Ronin Network.

According to a report from The Block, two people have revealed that threat actors targeted a senior engineer at the company with a fake job offer via LinkedIn.

The staff at Axie Infinity developer Sky Mavis were approached by people claiming to represent the fake company and encouraged to apply for jobs. One source added that the approaches were made through the professional networking site LinkedIn.

The attackers offered a job with an extremely generous compensation package to a Sky Mavis engineer.

A PDF containing the offer was sent to the employee which when opened is a spyware that compromised his system and infiltrate the Ronin’s network. Once inside the company infrastructure, the threat actors were able to take over five validators on the Ronin network.

Ronin is supported by nine validators so, by controlling five, the attacker possessed majority control over the network.

In April, the U.S. government blamed North Korea-linked APT Lazarus for the Ronin Validator cyber heist.


Please enter your comment!
Please enter your name here