
This article comes from The Block, the original author: Ryan Weeks, compiled by Odaily translator Katie Koo.
Earlier this year, hackers tricked a senior engineer at Axie Infinity into applying for a job at a fictitious company, ultimately causing Axie Infinity to lose $540 million in cryptocurrency. Here are the details of the Axie Infinity hack reported by The Block.
Few job-hunting experiences have been more dramatic than that of a senior engineer at Axie Infinity. His interest in joining a fictitious company eventually led to one of the largest hacks in the crypto industry.
In November last year, Axie Infinity’s in-game NFTs had 2.7 million daily active users and $214 million in weekly transactions (both numbers have since dropped significantly).
In March of this year, Ronin, the Ethereum side chain of Axie Infinity, a leading P2E chain game, lost $540 million worth of cryptocurrencies. While the U.S. government later linked the incident to the North Korean hacking group Lazarus, full details of how the attack was carried out have not been disclosed. In fact, what ruined Ronin was just a fake job advertisement. A senior engineer at Axie Infinity was duped into applying for a job at a company that didn't actually exist, two people with knowledge of the matter said. The two people spoke on condition of anonymity due to the sensitivity of the matter.
Earlier this year, people claiming to represent the bogus company approached an employee of Axie Infinity developer Sky Mavis via LinkedIn and WhatsApp, luring him with a new job offer, according to people familiar with the matter. After multiple rounds of interviews, the Sky Mavis engineer was offered an extremely well-paying job, sources say.
The fake offer was sent as a PDF file, which the engineer downloaded, allowing the Trojan to infiltrate Ronin's systems. From there, the hackers were able to attack and take over 4 of the 9 validators on the Ronin network, leaving them one validator short of full control.
Sky Mavis analyzed the hack in a blog post published on April 27, saying: “Employees have been subjected to advanced phishing attacks on various social channels, and one employee was compromised. The employee no longer works at Sky Mavis. The attackers successfully exploited this access to infiltrate Sky Mavis' IT infrastructure and gained access to validator nodes."
Validators perform various functions in the blockchain, including creating blocks of transactions and updating data oracles. Ronin uses what it calls a "proof of authority" system to sign transactions, centralizing power in the hands of nine trusted validators.
“If five of the nine validators approve, the funds can be transferred,” blockchain analytics firm Elliptic explained in a blog post in April. “The attacker managed to obtain the private encryption keys of the five validators, which is sufficient to steal cryptoassets.”
But after successfully infiltrating Ronin’s systems via fake job ads, the hackers controlled only 4 of the 9 validators, meaning they needed one more to gain control of the Ronin system.
In a post-mortem analysis, Sky Mavis revealed that the hackers successfully used Axie DAO, an organization that supports the gaming ecosystem, to complete the theft. Sky Mavis had asked Axie DAO in November 2021 to help with transaction load issues.
"Axie DAO allows Sky Mavis to sign various transactions on its behalf. This was suspended in December 2021, but the allowed access list has not been revoked," Sky Mavis said in a blog post. "Once the attackers gained access to the Sky Mavis system, they were able to obtain signatures from the Axie DAO validators."
A month after the hack, Sky Mavis increased the number of its validator nodes to 11 and stated in a blog post that its long-term goal is to exceed 100.
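The quorum arithmetic behind the theft, written as a signer-concentration audit. This is an added example, not code from Sky Mavis, Ronin or The Block; the validator names, the four placeholder operators and the exact dates are constructed, while the 9 validators, the threshold of 5, the 4 keys reached inside Sky Mavis and the unrevoked Axie DAO allowlist entry come from the article.

```python
from dataclasses import dataclass, replace
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Delegation:
    validator: str                # validator whose signature can be requested
    grantee: str                  # organization allowed to request it
    need_ended: Optional[date]    # when the business need ended (None = ongoing)
    revoked: bool = False

def reachable(operators, delegations, org):
    """Validators whose signature an intruder inside `org` could obtain."""
    own = {v for v, op in operators.items() if op == org}
    lent = {d.validator for d in delegations if d.grantee == org and not d.revoked}
    return own | lent

def audit(operators, delegations, threshold, today):
    """Flag stale delegations and any org whose compromise alone meets the threshold."""
    findings = []
    for d in delegations:
        if not d.revoked and d.need_ended is not None and d.need_ended < today:
            findings.append(f"STALE {d.validator} -> {d.grantee} (need ended {d.need_ended})")
    for org in sorted(set(operators.values())):
        n = len(reachable(operators, delegations, org))
        if n >= threshold:
            findings.append(f"QUORUM {org} reaches {n} of {len(operators)}, threshold {threshold}")
    return findings

# Constructed layout using the article's numbers: 9 validators, threshold 5,
# 4 keys reachable inside Sky Mavis, 1 Axie DAO validator, 4 placeholder operators.
OPERATORS = {f"sm-{i}": "Sky Mavis" for i in range(1, 5)}
OPERATORS["dao-1"] = "Axie DAO"
OPERATORS.update({f"ext-{i}": f"operator-{i}" for i in range(1, 5)})
THRESHOLD = 5
# Allowlist entry whose need ended in December 2021 (day is constructed), never revoked.
DELEGATIONS = [Delegation("dao-1", "Sky Mavis", date(2021, 12, 31))]
TODAY = date(2022, 3, 1)  # constructed audit date

if __name__ == "__main__":
    for line in audit(OPERATORS, DELEGATIONS, THRESHOLD, TODAY):
        print(line)
    fixed = [replace(d, revoked=True) for d in DELEGATIONS]
    print("after revocation:", audit(OPERATORS, fixed, THRESHOLD, TODAY) or "no findings")
```

Run against the constructed layout, the audit reports both the stale allowlist entry and the fact that one organization's compromise reaches the signing threshold; revoking the entry clears both findings.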
When contacted, Sky Mavis declined to comment on how the hack was carried out. LinkedIn also repeatedly declined to comment.
Earlier today, ESET Research published an investigation showing that the North Korean hacking group Lazarus used LinkedIn and WhatsApp, posing as recruiters, to target aerospace and defense contractors. But the report does not link the technique to the Sky Mavis hack.
In early April, Sky Mavis raised $150 million in a funding round led by Binance. Proceeds will be used, along with the company's spare funds, to compensate users affected by the hack. Axie Infinity recently stated that it will begin returning funds to users on June 28. Ronin’s Ethereum bridge, which was abruptly halted when it was hacked, was also restarted last week.