At the end of March 2022 it was announced that Axie Infinity, one of the most popular NFTs games was hacked with a millionaire loot in which hackers stole 625 million dollars in cryptocurrencies, a few months after the incident, it was announced that the computer theft had two main causes, a spyware and a fake job offer.
According to The Block, the staff of Axie Infinity developer Sky Mavis earlier this year received proposals from a group of people who encouraged them to apply for jobs at a company that was fake and promised huge salaries in exchange for their work.
One of the engineers accepted after making approaches through LinkedIn, after passing several (false) filters, they offered him a job with a salary and benefits that he could not refuse, for which, they sent him the offer in a PDF document. What this computer scientist did not expect was that the file was infected with spyware, which was intended to infiltrate the systems of Ronin, the game’s blockchain.
Being one of the main responsible for the game, the hackers managed to get hold of four of the nine transaction validators necessary to verify a purchase or sale on the blockchain, however, they lacked one to complete the theft. This was obtained through a group called Axie DAO, which was originally created to help the ecosystem to support the huge transaction burden that was in place by November 2021.
Being on a list of validators, the hackers managed to gather five transaction validators, with which they were able to access the network. It should be noted that according to the game’s challenger, Axie Dao’s validation permit had been removed in December 2021, but access to the list was apparently not revoked.
DATUM
A month after the attack was carried out, Axie Infinity increased the number of validation nodes to 11 and its goal is to reach 100 with the aim of greater security. Axie Infinity in conjunction with Binance reimbursed some users the stolen amounts raising an approximate of 150 million dollars, which would be enough to compensate for the damages.