A fake job offer on LinkedIn was the reason behind the roughly $600 million hack of Axie Infinity, the popular blockchain game that pays players cryptocurrencies, according to a new investigation by The Block. The digital asset-focused company said Wednesday that while the US government blamed the attack on North Korean hacker group Lazarus, full details of how the exploit was carried out were not released.
The Block said that according to two unnamed people with direct knowledge of the matter, a senior engineer at Sky Mavis, the developer of play-to-earn (P2E) game Axie Infinity, was tricked into applying for a job at a non-existent company. He was reportedly approached by people via LinkedIn urging him to apply for the job and, after going through several interviews, received an offer with “an extremely generous compensation package”.
The message with the fake offer, however, contained a PDF that, once opened, dropped spyware that infected Ronin Nertwork, its newly launched blockchain linked to the Ethereum (ETH) cryptocurrency, on which Axie Infinity was based. The malware would then have allowed hackers to attack and take over four of the nine validators on the Ronin network.
Sky Mavis announced this week that it will begin returning cryptocurrency to Ronin victims, totaling 173,600 Ethereum (ETH) and 25.5 million USD Coin (USDC), around $612 million at the day of the attack, which were stolen from users.
According to the security expert, taking a proactive approach to cybersecurity is far more efficient and cost-effective than relying on a reactive approach. News of the hack comes weeks after the Treasury’s Office of Foreign Assets Control (OFAC) of the US has punished cryptocurrency mixing service Blender.io for its role in laundering stolen money from Axie Infinity.