When it comes to cybersecurity, especially within companies, one single motto should be followed: Trust No One! Whether it’s an outsider or an employee, anyone should be treated like an attacker. This mindset is what encouraged the use of security measures such as zero trust network access (ZTNA). Yes, even employees can pose a threat, which we’ve seen on multiple occasions, including the recent breach of Axie Infinity’s Ronin Bridge.
A simple mistake can wreak havoc, especially if the company is as big and reputable as Axie Infinity. Unfortunately, one of the company’s employees slipped up and fell for a malicious phishing attack.
Apparently, the threat actors tricked the employee into applying for a job at a non-existent company. What happened then? How much did the company lose in terms of money? Find out below.
Axie Infinity Phishing Attack – A Fake Job Ad Was Ronin’s Undoing
Phishing attacks involving fake claims have become a popular practice among cybercriminals. In other words, fake claims can cause some real damage to companies.
A couple of days ago, a phishing campaign saw fake Yandex forms informing victims of copyright infringement. This shows how common this approach has become.
Now we return to an incident that hit Ronin Bridge earlier this year. Until recently, the details of how the exploit occurred had never been disclosed. Well, now they are.
It all started with a fictitious company that sent a generous job opportunity to one of Axie Infinity’s senior engineers. It’s definitely shocking how a single fake ad can lead to one of the crypto sector’s biggest hacks. According to The Block:
“After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package.”
The ambitious employee saw an opportunity and he decided to take it. Little did he know what was waiting for him and the company deep within the job offer.
Straight from the Lazarus Pit
As with most phishing attacks, the victim receives an email or a text that includes some sort of link. In this case, the employee fell for the trick and downloaded a fake offer document disguised as a PDF.
Once the PDF was on the device, it allowed spyware to infiltrate Ronin’s systems. As a result, the threat actors were able to attack and take over four out of nine validators on the Ronin network.
The company suffered huge losses due to the attack. According to the report by The Block, the scheme resulted in the loss of $540 million in crypto. Obviously, Sky Mavis fired the employee after the incident:
“This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”
An attack of this scale and impact raises a question: who could have the means to pull this off? What group can perform such a sophisticated attack?
That’s easy to answer. A breach like this requires a capable group, and according to the US government, it’s definitely the North Korean hacking group Lazarus.
Axie Infinity Phishing Attack – The Lazarus Group Strikes Again
This incident shows how one fake ad can take out the world’s most popular crypto game. If Axie Infinity fell victim to such an attack, you might end up as an easy target too.
Phishing attacks start off with an email or a text that includes a link. If you avoid clicking it, you can save yourself from falling into a dangerous predicament.
The loss that Axie Infinity has to endure is huge, but it’s a nudge to work more on its infrastructure’s security and to spread cybersecurity awareness among its employees.