Hackers Used Fake Job Offer on LinkedIn to Target Axie Infinity

It has emerged that the $540 million hack of Axie Infinity’s Ronin Bridge in March 2022 was the consequence of one of its former employees getting tricked by a fraudulent job offer on LinkedIn.

According to a report written by The Block, which was published last week, two people familiar with the matter were cited. Allegedly, a senior engineer at the company was tricked into applying for a job at a non-existent company, causing the individual to download a fake offer document disguised as a PDF.

The Block stated: “After what one source described as multiple rounds of interviews, a Sky Mavis engineer was offered a job with an extremely generous compensation package.”

The offer document acted as a vessel to deploy malware designed to breach Ronin’s network, leading to one of the crypto sector’s largest hacks to date.

In April, in an analysis of the attack, the company said: “Sky Mavis employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised.”

“This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”

In April 2022, the U.S. Treasury Department implicated the Lazarus Group, a North Korea-backed hacking group, in the incident, calling out the adversarial collective’s history of attacks targeting the cryptocurrency sector to gather funds for the hermit kingdom.

The earliest example of using fake job offers a social engineering lure used by the advanced persistent threats (APT) can be found linked to a campaign in August 2020 dubbed by Israeli cybersecurity firm ClearSky as “Operation Dream Job.”

ESET, in its T1 Threat Report for 2022, noted how actors operating under the Lazarus umbrella have used fake job offers through social media as its strategy for targeting defence contractors and aerospace companies.

Ronin’s Ethereum bridge was relaunched in June. However, the same group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge.

The post Hackers Used Fake Job Offer on LinkedIn to Target Axie Infinity appeared first on IT Security Guru.

Recent Posts
Contact Us

We're not around right now. But you can send us an email and we'll get back to you, asap.

Not readable? Change text. captcha txt