A half-a-billion-dollar crypto heist

Vitus White
Last updated: 13 October

We often write about scams promising someone mountains of gold, when in reality the opposite happens and their pockets get emptied. Similarly, cybercriminals can get their hands on the money of entire companies by exploiting the greed and negligence of their employees.

Contents
  • A word about Axie Infinity and Ronin Networks
  • A juicy offer: how scammers tricked the developers
  • Spyware in action: withdrawal of funds
  • The Sky Mavis response
  • How to stay protected

That’s exactly what happened with the Ronin Networks blockchain system, created by Sky Mavis for the play-to-earn game Axie Infinity. A Sky Mavis employee downloaded a PDF file with spyware hidden inside, resulting in one of the biggest cryptocurrency thefts ever. The company lost 173 600 ETH and 25.5 million USDC (around $540 million at the time of the incident). We discuss the attack in more detail and share tips on how to protect yourself.

A word about Axie Infinity and Ronin Networks

Axie Infinity is an online video game in which players earn cryptocurrency with the help of fantastic creatures known as “axies” which can be “bred,” used in competitions and sold to other players. To players, axies look like cuddly animals, but they are essentially non-fungible tokens (NFTs).

Released in 2018, Axie Infinity soon gained a wide audience. At its peak, players could earn so much that for some in South East Asia it became a full-time job. In its record-breaking November 2021, the game had a daily player count of 2.7 million and revenues last year hit $215 million per week (by the summer of 2022, however, they had dipped to a modest $1 million per week).

Payments in the Axie Infinity ecosystem are made using the in-game currency Smooth Love Potion (SLP), based on the Ethereum blockchain. To allow users to buy and sell SLP for regular cryptocurrency conveniently and without high fees, the developers created the Ronin platform. It was this platform that attracted cybercriminal attention.

A juicy offer: how scammers tricked the developers

To get to the platform, the attackers carried out a targeted attack on Sky Mavis employees. They collected information about the company and devised a scam built around a fake job offer with a very attractive salary.

The scheme involved sending (most likely on LinkedIn) a tempting job offer to a senior engineer, who should have known better. Having passed all the “selection stages” with flying colors, the employee, as expected, received the mouth-watering offer in the form of a PDF file. When this file was downloaded, the spyware inside it was released into the company’s network.

Spyware in action: withdrawal of funds

The cybercriminals used the malware to gain access to the private keys of network validators, that is, nodes that verify and confirm cryptocurrency transactions. There were nine such validators in Ronin Networks at the time of the attack, and to carry out the transfer, at least five of them had to approve it. Eventually, the attackers managed to compromise four validators at the company itself and a fifth in the decentralized autonomous organization Axie DAO, where it would (and should) not have been, were it not for an oversight on the part of Sky Mavis itself.

It turns out that in November 2021, due to the high volume of transactions and load on the validators, the company allowed Axie DAO to approve transfers. After a month, the load decreased, and Axie DAO’s assistance was no longer required, but the rights to approve transactions were not withdrawn, which played into cybercriminals’ hands. Having penetrated the Sky Mavis system, the hackers also gained access to Axie DAO, which provided the fifth validator needed to withdraw funds from others’ accounts to their own.
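The oversight described above can be caught with a routine access review. The following sketch is an added example, not code from Sky Mavis or from the original article: it counts how many validator approvals are obtainable from inside each organisation and flags arrangements that outlived their purpose. The operator names other than Sky Mavis and Axie DAO, the dates, and the modelling of the leftover rights as a link from Sky Mavis to the Axie DAO validator are assumptions.

```python
from collections import defaultdict
from datetime import date

THRESHOLD = 5  # approvals needed to authorise a transfer (from the article)
REVIEW_DATE = date(2022, 3, 1)  # constructed date of the access review

# Validator -> operating organisation. Four Sky Mavis nodes and one Axie DAO
# node follow the article; the other operator names are constructed.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO", "v6": "Operator A", "v7": "Operator B",
    "v8": "Operator C", "v9": "Operator D",
}

# Cross-organisation approval arrangements: (validator, other party,
# date the arrangement stopped being needed, revoked?). Dates are constructed.
GRANTS = [("v5", "Sky Mavis", date(2021, 12, 31), False)]


def stale_grants(grants, today):
    """Arrangements still active after the date they stopped being needed."""
    return [g for g in grants if not g[3] and g[2] < today]


def approvals_per_domain(validators, grants):
    """Count validators whose approval is obtainable from inside each organisation."""
    reach = defaultdict(set)
    for node, operator in validators.items():
        reach[operator].add(node)
    for node, party, _needed_until, revoked in grants:
        if not revoked:
            reach[party].add(node)
    return {org: len(nodes) for org, nodes in reach.items()}


def single_domain_quorums(validators, grants, threshold=THRESHOLD):
    """Organisations whose compromise alone yields enough approvals."""
    counts = approvals_per_domain(validators, grants)
    return sorted(org for org, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print("stale:", stale_grants(GRANTS, REVIEW_DATE))
    print("at risk:", single_domain_quorums(VALIDATORS, GRANTS))
    revoked = [(n, p, d, True) for n, p, d, _ in GRANTS]
    print("after revocation:", single_domain_quorums(VALIDATORS, revoked))
```

With the leftover arrangement in place, one organisation reaches the five-approval threshold on its own; once the arrangement is revoked, none does.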

The Sky Mavis response

On discovering the attack, Sky Mavis acted responsibly and took steps to beef up security. The company brought in outside security experts from Verichains and CertiK, and conducted a thorough audit of Ronin Networks. Sky Mavis also increased the number of validators to 11, promising to gradually scale up to at least 100. The larger the total number of validators, the more of them have to be compromised to carry out unauthorized transactions, so increasing their number should in theory make such attacks more difficult.

Since the stolen funds actually belonged to Axie Infinity players, Sky Mavis began compensation payments to victims on June 28. For this, the company leveraged both its own resources and $150 million of Binance funding received in early April.

How to stay protected

When planning targeted attacks, cybercriminals carefully study the victim for weak spots. These can be security holes in devices and software as well as the human factor. The “hero” of our post was an experienced IT specialist, but even they were duped. To avoid a similar fate and keep hold of your data, money and tokens, stay vigilant and do not neglect security measures.

  • Do not trust unexpected generous offers: be it your dream job with a huge salary, a prize, an inheritance from some far-flung relative or other heaven-sent goodies.
  • Avoid downloading files or following links in e-mails and messages from senders you don’t know. All the more so if you’re on the office network and the files and links are not work-related.
  • Use a reliable security solution that will prevent malware from running on your device.

Source: kaspersky.com


TAGGED: Malware, SASE, Security, Software, SQL injection, Targeted Attack, Threats, Transport Layer Security
Vitus White October 13, 2022 October 7, 2022