An elaborate LinkedIn scam was behind one of the world's largest crypto heists, the victim revealed.
In a post-mortem post, the Ronin Network explained that an employee of Sky Mavis, developer of the Axie Infinity game (powered by the Ronin blockchain "bridge"), was approached via LinkedIn with a bogus job offer.
The offer seemed good and the developer showed interest. They then went through a series of interviews, until they were finally offered a lucrative position. The criminals then abused the trust they had developed to infect the individual's device with malware.
Sophisticated social engineering
Given that the developer went through several interviews, it would appear to be quite an elaborate scheme.
When he was finally offered the job, he received a malware payload disguised as a .PDF file. With the help of this malware (which was obviously not detected by any antivirus program), the attackers managed to take control of four of the nine validators in the Ronin network.
Validators are entities that approve transactions on the network, and to withdraw the funds the attackers needed five confirmations. They were one short.
This is where the DAO (Decentralized Autonomous Organization) comes into play. As further explained in the post-mortem, in November 2021, Axie's DAO was asked by Sky Mavis to help manage a large transaction load that was occurring at the time.
"Axie DAO has authorized Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but allow list access has not been revoked," Sky Mavis said in the blog post. "Once the attacker gained access to the Sky Mavis systems, he was able to obtain the signature of the Axie DAO validator."
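The five-confirmation threshold and the unrevoked allow list access described above can be checked as an access audit: count, per operator, every validator it can sign with, including delegated ones. This is an added example, not code from Sky Mavis or the original article; the validator and operator names, the ownership split and the exact dates are constructed assumptions.

```python
from dataclasses import dataclass, replace
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Delegation:
    validator: str         # validator whose signature may be requested
    grantee: str           # operator on that validator's allow list
    ended: Optional[date]  # when the arrangement was discontinued, if ever
    revoked: bool          # whether the allow-list entry was actually removed

def audit(owners, delegations, threshold, today):
    """Return (reach, findings): validators each operator can sign with, and problems."""
    reach = {}
    for validator, operator in owners.items():
        reach.setdefault(operator, set()).add(validator)
    findings = []
    for d in delegations:
        if d.revoked:
            continue  # entry removed: contributes nothing to the grantee's reach
        reach.setdefault(d.grantee, set()).add(d.validator)
        if d.ended is not None and d.ended <= today:
            findings.append(f"stale: {d.grantee} can still sign as {d.validator}")
    for operator, validators in sorted(reach.items()):
        if len(validators) >= threshold:
            findings.append(f"quorum: {operator} alone reaches {len(validators)}/{threshold}")
    return reach, findings

# Constructed inventory: nine validators, four run by one operator (names are hypothetical).
OWNERS = {f"val-{i}": "sky-mavis" for i in range(1, 5)}
OWNERS["val-5"] = "axie-dao"
OWNERS.update({f"val-{i}": f"partner-{i}" for i in range(6, 10)})
THRESHOLD = 5
# The article gives only "December 2021"; the day of the month is a placeholder.
STALE = [Delegation("val-5", "sky-mavis", date(2021, 12, 1), revoked=False)]
FIXED = [replace(d, revoked=True) for d in STALE]
TODAY = date(2022, 3, 1)  # constructed audit date

if __name__ == "__main__":
    for label, delegations in (("before", STALE), ("after revocation", FIXED)):
        reach, findings = audit(OWNERS, delegations, THRESHOLD, TODAY)
        print(label, len(reach["sky-mavis"]), findings or "no findings")
```
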
173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin were stolen in the hack, with a total value of USD 625 million. Some commentators have suggested that it was potentially the biggest heist in cryptocurrency history.
Sky Mavis has since increased the number of validators to 11, with plans to increase that number to 100.