The latest report on the Axie Infinity/Ronin Bridge hack is almost too good to be true, especially considering that, according to the FBI, a hacking group sponsored by North Korea is to blame. “A senior engineer at Axie Infinity was duped into applying for a job in a company that didn’t really exist,” The Block reports. Not only that: apparently the hackers’ spyware entered the system through a simple .pdf file. It is incredible that a $622M hack started this way.
Ronin Network is an Ethereum sidechain built exclusively to serve Axie Infinity. A fun app with a billion-dollar business, a thriving internal economy and an international audience, the play-to-earn game was one of the bull market’s biggest success stories. Sky Mavis is the studio behind Axie Infinity, and one of its engineers apparently fell victim to the simplest social engineering trick in the book.
North Korea-sponsored hackers stole more than $400M in 2021 alone, according to blockchain surveillance firm Chainalysis. And according to the FBI, they are responsible for the Axie Infinity/Ronin hack. The three-letter agency traced the funds to wallets linked to the North Korean hacking group Lazarus. Does The Block’s article complement or contradict this version of the story? It’s hard to see North Koreans doing stunts like this.
In any case, the FBI was extremely clear in a statement at the time, quoted here:
“Through our investigation we were able to confirm the Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29.”
If true, the group broke its 2021 record with a single operation.
How did the Axie Infinity/Ronin hack happen?
The alleged story of the hack is hilarious, to say the least. According to The Block:
“Earlier this year, employees of Axie Infinity developer Sky Mavis were contacted and encouraged to apply for jobs by people representing the fake company, according to people familiar with the matter.”
After several rounds of interviews, one of Sky Mavis’s developers received an extremely generous offer. He opened Pandora’s box, and all hell broke loose.
“The fake ‘offer’ was delivered as a PDF document, which the engineer downloaded – allowing spyware to infiltrate Ronin’s systems. From there, the hackers were able to attack and take over four of the nine validators on the Ronin network – leaving them just one validator short of total control.”
To complete the attack, they took control of one more validator. At some point in the past, “Axie DAO allowed Sky Mavis to sign various transactions on its behalf.” That permission was still valid, and the hackers took advantage of it. The Ronin Bridge operators’ post-mortem describes the outcome of the attack:
“The attacker managed to gain control of five of the nine validator private keys – 4 Sky Mavis validators and 1 Axie DAO validator – for counterfeit withdrawals. This resulted in the withdrawal of 173,600 Ethereum and 25.5M USDC from Ronin Bridge in two transactions.”
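The mechanism in the quotes above (four compromised Sky Mavis validator keys plus a standing Axie DAO signing permission that was never revoked) can be reduced to a small threshold-signature model. This is an added example, not code from the article or from Sky Mavis/Ronin: the validator names, the delegation allowlist and the timestamps are constructed assumptions, and the model shows why revoking or time-limiting such a grant leaves the same stolen keys one signature short of the 5-of-9 quorum.

```python
from dataclasses import dataclass, field

THRESHOLD = 5  # the bridge releases funds once 5 of the 9 validators have signed


@dataclass
class BridgeMultisig:
    """Toy k-of-n validator set with a delegated-signing allowlist (constructed model)."""
    validators: frozenset
    # validator -> {delegate signer: expiry timestamp}; a delegate may sign on the validator's behalf
    delegations: dict = field(default_factory=dict)

    def grant(self, validator, delegate, expires_at):
        assert validator in self.validators
        self.delegations.setdefault(validator, {})[delegate] = expires_at

    def revoke(self, validator, delegate):
        self.delegations.get(validator, {}).pop(delegate, None)

    def effective_validators(self, signers, now):
        """Distinct validators whose approval this set of signing keys can produce at time `now`."""
        approved = {s for s in signers if s in self.validators}
        for validator, delegates in self.delegations.items():
            # an unexpired delegation lets a delegate's key count as the validator itself
            if any(d in signers and now < exp for d, exp in delegates.items()):
                approved.add(validator)
        return approved

    def approve_withdrawal(self, signers, now):
        return len(self.effective_validators(signers, now)) >= THRESHOLD


def ronin_scenario():
    """Replay the article's description: 4 Sky Mavis keys plus a stale Axie DAO delegation."""
    validators = frozenset({f"skymavis-{i}" for i in range(1, 5)} | {"axiedao"}
                           | {f"third-party-{i}" for i in range(1, 5)})  # 9 validators (constructed names)
    bridge = BridgeMultisig(validators)
    # Axie DAO once let Sky Mavis sign on its behalf; the grant was never revoked (open-ended expiry)
    bridge.grant("axiedao", "skymavis-1", expires_at=float("inf"))
    stolen_keys = {f"skymavis-{i}" for i in range(1, 5)}  # what the spyware yielded, per the article
    now = 1_648_000_000  # constructed timestamp
    with_stale_grant = bridge.approve_withdrawal(stolen_keys, now)  # 4 keys + delegation = 5/9 -> True
    bridge.revoke("axiedao", "skymavis-1")
    after_revocation = bridge.approve_withdrawal(stolen_keys, now)  # 4/9 -> False
    return with_stale_grant, after_revocation
```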
Did Lazarus operatives really plan such a Hollywood-style attack? Or does the comedic modus operandi point to other criminals?
AXS price chart on FTX | Source: AXS/USD on TradingView.com
Previous Coverage of the Ronin Hack
Let’s turn to archival material to complete the story and add some details. When the breach occurred, NewsBTC described it as follows:
“On March 23, cybercriminals exploited the Ronin Bridge network, and hackers plundered assets worth more than $625 million. The assets include 25.5 million USDC and more than 173,600 Ether. This data was disclosed in a report on their blog.”
Then we reported on Axie Infinity and Sky Mavis’s first response to the problem:
“The latest move announced is a $1 million bug bounty program that invites white hat hackers to test out the blockchain.
Sky Mavis and Axie co-founder and COO announced: “Calling all whitehats in the blockchain space. The Sky Mavis bug bounty program is here. Please help us keep the Ronin network safe while earning up to $1,000,000 in bounties for fatal bugs.””
And then, when the operators reopened the new and improved Ronin Bridge, our sister site Bitcoinist reviewed its features:
“In addition to two independent audits of its smart contracts, Ronin Bridge’s new design added a new “circuit-breaker” feature built directly into the bridge. This prevents a bad actor from replicating the previous attack or exploiting any potential new attack vector.”
Therefore, Ronin Bridge appears to be safe to use at this time. However, it also seemed safe to use before the hack.
Featured Image by Niek Verlaan from Pixabay | Charts by TradingView