Major NFT Marketplace Tricked for $540M

Axie Infinity, the famous site with 3 million dealers of the in-game collectable NFTs, has been stolen $540 million in cryptocurrencies in a phishing scam focused around recruitment. The criminals are thought to be a malicious cyber organization with links to North Korea.

According to The Block, on March 23rd, cybercriminals acquired possession of secret keys associated with four network participants. As per the study, those nodes are part of the Ronin Network, whom Axie operates on. Axie’s DAO, an autonomous entity that maintains the game’s environment, owns the other node.

A secret key, like something of a passcode, is a confidential identifier being used in blockchain encryption. Trusted third-party nodes have devices that strive to maintain a chain of blocks by verifying and collecting payments.

Because Ronin is backed by nine auditors, the hacker gained full control of the system by possessing five of them. Sky Mavis is the creator of Ronin and Axie. Axie programs depend on a limited number of auditors. Ryan Spanier, VP of Innovation in Kudelski Security, noted via correspondence to Threatpost that this was not a common technique for public chains, however, we have seen it in private blockchain networks like Axie.

With total control, these hackers could essentially make payments to themselves, according to Spanier. Including all, they took 25.5M USDC and 173,600 ETH. That amounted to around $540 million in worth at the moment.

The Treasury Department of the US linked the Ethereum bitcoin address used in the hack to Lazarus Group later that month, hackers from North Korea.

How did they do it?

According to Ronin Network’s magazine, all indications point towards this operation as strategically planned, instead of a technological weakness, published around March 30. The revelation did not go into additional detail. Now, some unknown posters claiming insider understanding of the situation have stepped forward to offer the unsubstantiated inside narrative with journalists from The Block.

Early this year, recruitment agencies on LinkedIn contacted certain Sky Mavis employees with job prospects, according to reports. After several interviews, one expert was given a job with some really substantial wage package  This proposal was in the format of a PDF, however, when opened installed malware on his machine. As per The Block, the criminals then proceeded horizontally inside Ronin’s IT infrastructure, enabling them to grab the prized validation secret keys.

Mollie MacDougall, Cofense’s head of cybersecurity, said it clearly in a statement to Threatpost. She believes that public blockchains should develop an efficient hacking protection model that includes technologies with a physical level of protection, just like any other firm.