Axie Infinity hacked with just a PDF file, the culprit is a North Korean hacker

Recently, details of a hacker attack on the blockchain of the popular NFT game Axie Infinity have been published.

According to these details, the hacker attacked the game's systems through a job scam campaign on LinkedIn. Axie Infinity is a game from Sky Mavis, a company founded by Vietnamese people.

The US government has confirmed that North Korea's Lazarus hacker group is the culprit behind the attack on Axie Infinity. The group's method was to create fake job postings on LinkedIn targeting Sky Mavis employees. Next, they conducted mock interviews and offered an extremely generous compensation package if the employees quit their jobs at Sky Mavis to work for them.

Finally, they closed by sending a PDF file described as the official offer. This PDF file contained malicious code, and when Sky Mavis employees clicked on it, the hackers got into their computers. The hackers then scoured Sky Mavis' network and took control of four of the nine nodes used to validate financial transactions on Sky Mavis' Ronin blockchain.

Previously, Sky Mavis revealed that the hacker had theoretically gained control of the fifth node, from the decentralized Axie DAO, thanks to the decision to allow Sky Mavis to sign transactions during a particularly busy time last November.

This attack cost Sky Mavis about 625 million USD and became the largest virtual currency hack in the world at that time. Over the past few months, Sky Mavis has put considerable effort into recovery. They have now raised $150 million to refund players and reopen transactions on the Ronin bridge.

A hacker stole nearly $625 million worth of Ethereum and USDC from Axie Infinity's Ronin bridge network. This could be the biggest crypto hack in history.

Ronin is an Ethereum sidechain built by Sky Mavis to process federated transactions for the game Axie Infinity, with a bridge that transfers ERC-20 tokens between the Ethereum and Ronin blockchains.

Recently, Sky Mavis revealed that hackers attacked the Ronin bridge directly and stole 173,600 Ethereum and 22.5 million USDC in two transactions. At current exchange rates, the stolen virtual currency is worth $617 million.


While the Ronin sidechain uses 9 validator nodes to confirm transactions, the hacker was able to gain control of 5 of the validating signatures needed to withdraw the cryptocurrency from the bridge.

"Sky Mavis Ronin Chain currently consists of 9 validator nodes. To make a withdrawal or deposit, 5 out of 9 validator signatures are required. Hackers managed to take control of 4 Sky Mavis Ronin Validators and one authenticated third-party signatures controlled by the Axie DAO", shared Sky Mavis.
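The 5-of-9 threshold only protects the bridge if five signatures actually require five independent parties. The following audit is an added example, not code from Sky Mavis or the article: it maps each validator to every party able to produce its signature and reports the smallest set of parties whose compromise reaches the threshold. Only the 5-of-9 rule, the four Sky Mavis validators and the Axie DAO delegation come from the article; the validator names and the four independent operators are hypothetical.

```python
from itertools import combinations

THRESHOLD = 5  # signatures required for a withdrawal or deposit (from the article)

# Constructed custody map: validator -> parties able to produce its signature.
# Validator names and "Operator A".."Operator D" are hypothetical placeholders.
CUSTODY = {
    "skymavis-1": {"Sky Mavis"},
    "skymavis-2": {"Sky Mavis"},
    "skymavis-3": {"Sky Mavis"},
    "skymavis-4": {"Sky Mavis"},
    "axie-dao": {"Axie DAO", "Sky Mavis"},  # delegated signing right
    "op-a": {"Operator A"},
    "op-b": {"Operator B"},
    "op-c": {"Operator C"},
    "op-d": {"Operator D"},
}

def reach(custody):
    """Map each party to the set of validators it can sign for."""
    out = {}
    for validator, parties in custody.items():
        for party in parties:
            out.setdefault(party, set()).add(validator)
    return out

def min_compromise(custody, threshold):
    """Smallest group of parties whose combined reach meets the threshold."""
    by_party = reach(custody)
    names = sorted(by_party)
    for size in range(1, len(names) + 1):
        for group in combinations(names, size):
            covered = set().union(*(by_party[p] for p in group))
            if len(covered) >= threshold:
                return group, covered
    return None, set()

def audit(custody, threshold=THRESHOLD):
    """Summarise how many parties stand between an attacker and the threshold."""
    group, covered = min_compromise(custody, threshold)
    return {
        "validators": len(custody),
        "threshold": threshold,
        "parties": group,
        "signatures_reached": len(covered),
        "single_point_of_failure": group is not None and len(group) == 1,
    }

if __name__ == "__main__":
    print(audit(CUSTODY))
```

With the delegation entry removed from the `axie-dao` validator, the same audit reports that two separate parties must be compromised instead of one.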

The attack happened on March 23, 2022, but it was not discovered until March 29 by Sky Mavis when a user tried to withdraw 5,000 Ethereum from the bridge but was unable to do so.

Most of the stolen crypto is still in the hacker's Ethereum wallet even though he has moved ETH to different addresses and exchanges.

Sky Mavis shared that all the AXS, RON and SLP tokens on Ronin are safe but the deposits in the form of Ethereum and USDC were all stolen.

Sky Mavis announced that it is cooperating with the authorities to investigate this incident to ensure users do not lose their assets. During the investigation, Sky Mavis shut down Ronin Bridge and Katana Dex.

This is the largest cryptocurrency hack in history. Before that, the biggest hack was $611 million stolen from Poly Network in August 2021.