An engineer at Sky Mavis received an extremely generous job offer, and the PDF of that offer concealed the malware that infected the company and allowed $540 million to be stolen from Axie Infinity.
At the time, Axie Infinity was one of the fastest-growing games on the Android scene, since the Sky Mavis title promised players that they could earn cryptocurrency while raising and training their 'axies' in a similar way to Pokémon, but using Ethereum blockchain technology.
Then we learned that some industry experts were already comparing it to a pyramid scam, and shortly afterwards hackers stole $540 million from Axie Infinity by tricking one of its former employees with a fraudulent job offer on LinkedIn.
As our colleagues at The Hacker News report, following up on a report from The Block that cites sources close to Sky Mavis, the hack of Axie Infinity's Ronin network was apparently made possible by the deception of one of its former employees, a senior engineer, who downloaded malicious software disguised as a PDF after applying for a job offer from a non-existent company on LinkedIn.
Sources say that the Sky Mavis engineer in fact went through multiple rounds of interviews before being offered a fictitious job with an extremely generous compensation package, which was sent to him in an offer document disguised as a PDF but containing the malware with which the attackers later accessed the company's network.
This is what the developer itself has published to explain the matter:
Sky Mavis employees are under constant advanced phishing attacks on various social channels and one employee was compromised. This employee no longer works at Sky Mavis, but the attacker was able to take advantage of that access to penetrate the Sky Mavis IT infrastructure and gain access to the validation nodes.
During the hack of Axie Infinity's Ronin Bridge at the end of March 2022, the attackers managed to steal more than 540 million dollars, in one of the biggest attacks on the cryptocurrency sector in recent memory.
It should be remembered that in April 2022, a few weeks after the attack, the United States Department of the Treasury directly implicated North Korea's Lazarus Group, denouncing this group's history of continuous attacks against the cryptocurrency sector to raise funds for its government.
Today, Ronin's Ethereum bridge has been restored, although it is now suspected that this same group of North Korean hackers could be behind another $100 million crypto heist, that of the Harmony Horizon Bridge.
Be very careful, especially with corporate devices, because social engineering attacks are increasingly difficult to detect and can facilitate access to our computers and our company network by malicious users.
Be that as it may, at this point it is worth reminding you to be very careful about what you do on the internet, the links and files that you open and to whom you give your personal information, since social engineering attacks keep getting more sophisticated and difficult to detect, and are also among the most dangerous.
Not for nothing have bogus job offers skyrocketed in recent times as a perfect decoy, giving hackers relatively easy access to the internal systems of countless international companies just by deceiving one person out of the hundreds of thousands of workers at any of the largest corporations on the planet.
Be very careful, especially if you use corporate devices beyond strictly professional matters!