The hack that caused Axie Infinity losses of $620 million in crypto started with a fake job offer from North Korean hackers to one of the game’s developers.
The attack happened in March 2022 and drove the then massively popular and quickly growing game from Sky Mavis into the ground.
By April 2022, the FBI was able to link the attack to the Lazarus and APT38 hackers, two groups that are often involved in cryptocurrency heists for the North Korean government.
In a recent report from The Block, a news publication covering digital assets, sources with knowledge of the attack said that the threat actors contacted staff at Sky Mavis over LinkedIn, posing as a company looking to hire them.
One senior engineer at Axie Infinity showed interest in the fake job offer, due to the very generous salary, and went through multiple rounds of interviews.
At one point, the engineer received a PDF file with details about the job.
However, the document was the hackers' way into the systems of Ronin, the Ethereum-linked sidechain that supports the Axie Infinity non-fungible token-based online video game.
The employee downloaded and opened the file on a company computer, initiating an infection chain that enabled the hackers to penetrate Ronin’s systems and compromise four token validators and one Axie DAO validator.
According to the firm’s post-mortem, the employee who fell victim to the spear-phishing attack has since been removed from its workforce.
The game, however, is still launching investment initiatives and technical restarts in an attempt to regain its momentum.
The financial damage was so severe that Sky Mavis is still in the process of reimbursing the players who were affected by the hack.