The crypto hack, in which the gaming platform Axie Infinity lost US$620 million worth of crypto, began with a fake job interview that one of the game’s developers engaged.
The attack took place in March and in April the Federal Bureau of Investigation (FBI) linked the attack to the Lazarus and APT38 hackers, both of whom are linked to the North Korean government.
According to sources familiar with the investigation, the attackers contacted Sky Mavis (the company behind the Axie Infinity game) staff via LinkedIn with the bogus intention of hiring them.
One of the senior developers of Axie showed interest in the job offer and received a PDF file pretending to be details of the job offer. The malicious document gave the attackers access into the Ronin systems.
The Ronin system is the Ethereum-linked sidechain that supports the Axie Infinity non-fungible token-based online video game.
The employee downloaded and opened the file on the company’s computer, triggering a chain of infection that allowed the hackers to break into Ronin’s systems and corrupt four token validators and an Axie DAO validator.
The employee has been relieved of his position while the gaming platform works tirelessly to rebuild and refund players affected by the hack.
The sources for this piece include an article in BleepingComputer.