New details have emerged about the hack of game developer Sky Mavis: the creators of crypto game Axie Infinity were reportedly hacked with the help of a well-crafted fake job offer. In the hack on the game’s underlying bridge in March 2022, attackers managed to steal cryptocurrencies worth $625 million at the time.
As reported by The Block, citing anonymous witnesses, in early 2022, several developers at Sky Mavis were reportedly contacted by individuals from a company. The latter encouraged the programmers to apply to the other company and offered them much better conditions.
The poaching company never existed, however; the attempted headhunting, some of which was conducted via Linkedin, was simply part of a large-scale, obviously well-crafted scam. In fact, the efforts included several rounds of job interviews, according to insiders.
Marathon job applications ended with Trojan PDF
A developer at Sky Mavis was reportedly offered a very well-paid job when the application marathon ended. This offer was sent in a PDF file – which eventually contained a Trojan. The hackers were thus able to take over four of the nine validator nodes required in Sky Mavis’ Ronin Bridge to approve transactions.
The final node needed for a majority was acquired via the Axie DAO. Using the majority, the attackers were able to transfer large amounts of cryptocurrency from the bridge to their wallets. Until now, Sky Mavis had only revealed that a developer’s private keys had been compromised, enabling the hack.
Sky Mavis declined to comment on the new details of the attack. So far, the attack has been blamed on the North Korean hacker group Lazarus. Sky Mavis has been trying to at least partially compensate its users since the hack.
Also Read:
