Spear Phishing Fake Job Offer Likely Behind Axie Infinity’s Lazarus $600m Hack
A fake LinkedIn job offer was the reason behind Axie Infinity’s $600m hack, according to a new investigation by The Block.
The digital assets-focused outlet said on Wednesday that while the US government attributed the attack to the North Korean hacker group Lazarus, full details of how the exploit was executed had not been disclosed.
The Block said that according to two unnamed people with direct knowledge of the matter, a senior engineer at Axie Infinity named Sky Mavis was tricked into applying for a job at a non-existent company.
Mavis would have been approached by people via LinkedIn encouraging her to apply for the job, and after passing multiple interviews, she was offered a job with “an extremely generous compensation package.”
The message with the fake offer, however, contained a PDF that, once opened, would have delivered spyware that infected Ronin, the Ethereum-linked sidechain upon which Axie Infinity was based.
The malware would have then enabled hackers to attack and take over four out of nine validators on the Ronin network.
“This is a perfect example of the risks of file-based threats and how easy it is for hackers to infiltrate your systems through documents shared both externally and internally,” Glasswall CEO Danny Lopez told Infosecurity Magazine.
“You can never be too careful – no matter how legitimate something looks on the surface, it can harbor malicious code,” Lopez added.
According to the security expert, taking a proactive approach to cybersecurity is far more efficient and cost-effective than relying on a reactive approach.
“Content Disarm and Reconstruction (CDR) technology is an example of a proactive approach that provides immediate protection as a threat enters the IT environment,” Lopez explained.
“All files undergo an instant, four-step process to ensure that every document is completely safe by removing any potentially malicious code.”
Lopez called CDR a simple, proactive solution and said it is particularly valuable because it helps to create a digital environment where a threat cannot exist.
“This means that users can trust every document that enters or leaves an organization. What’s more, CDR achieves this quickly, allowing operations to continue as usual without sacrificing productivity or security.”
The Sky Mavis news comes weeks after the US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned cryptocurrency mixing service Blender.io after it was allegedly used by North Korean hackers in the Ronin hack.