Axie Infinity hack: 173,600 ETH lost due to fake job offer

One hack can hide another. On Wednesday, March 30, 2022, Ronin, the blockchain behind the play-to-earn game Axie Infinity, was revealed to be the victim of a hack of its bridge, the contract that moves assets between Ronin and Ethereum. Battered and exposed, Sky Mavis, the parent company of the Axie Infinity ecosystem, received help from Binance and the blockchain-analytics firm Elliptic in untangling the mess. Despite its attempts at transparency on its own channels, Ronin left some gray areas unclarified. Our colleagues at The Block have now shed light on them.

Axie Infinity: look back at the hack of the century

Let’s see what we know. On March 30, 2022, Ronin disclosed that its bridge had been attacked and drained of its funds. 173,600 ETH and 25.5 million USDC vanished from the bridge contract, sent on to multiple wallets.

Officially, Axie Infinity explained that a user’s attempt to withdraw 5,000 ETH raised the alert: the bridge no longer held enough funds to honour it. Blockchain analysis then established that the theft itself had taken place earlier, on March 23. Several investigations since point to the Lazarus group, the North Korean hacking group, as the likely perpetrators.

On the origin of the error and the backdoor the attackers used, the information remained vague. Axie Infinity initially stressed that its game developers were a soft target, subject to repeated attacks on its network. Then, in a blog post published on April 27, almost a month after the hack, Sky Mavis said:

“Sky Mavis employees have been subjected to frequent phishing attacks on various social channels and one employee was compromised. This employee is no longer working at Sky Mavis. The attacker was able to use this access to gain access to Sky Mavis’s IT infrastructure and to the validator nodes.”

The Axie Infinity hack came just as the play-to-earn game was about to release its new version, Axie Origin.

Ronin collapsed with a click

So gray areas remained. How did the hackers gain access to Axie Infinity’s developer network? Our colleagues at The Block have now put the hallway rumors to rest. Their sources, who asked to remain anonymous given the sensitivity of the matter, disclosed the modus operandi the suspects are believed to have used.

It appears the foothold that allowed the hacker to attack Ronin was a fake job offer on LinkedIn, the professional networking site. An engineer was allegedly tricked into applying to a fictitious company. He then downloaded the offer as a booby-trapped PDF document. This spear-phishing attack gave the hackers access to his system.

Access to the engineer’s system gave the attacker 4 of the validator keys. That was one short: 5 of the 9 validator signatures are required to approve a withdrawal from the bridge. The attacker obtained the fifth by abusing Axie DAO. In late 2021, Axie DAO had allowlisted Sky Mavis to sign transactions on its behalf; the arrangement was meant to cope with a surge in transaction volume and was supposed to be temporary, ending in December 2021. However, nobody revoked the permission when the arrangement ended.

“It started in November 2021 when Sky Mavis enlisted the help of Axie DAO to distribute free transactions due to the heavy user load. Axie DAO allowed Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked.”
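To make the mechanics described above concrete, here is an added example in Python; it is not code from Sky Mavis or the Ronin project. It models a bridge that releases funds only when 5 of 9 validators have signed, with one validator (Axie DAO) that has allowlisted a delegate (Sky Mavis’s signing infrastructure, named sky-mavis-rpc here) to sign on its behalf. The validator names, the delegate name and the withdrawal message are assumed for illustration, and HMAC-SHA256 stands in for the signatures real validators would produce. It shows that four compromised validator keys fall short of the threshold, that the stale delegation supplies the fifth vote, and that revoking the delegation when the arrangement ended would have blocked the withdrawal.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets
from dataclasses import dataclass, field


def sign(secret: bytes, message: bytes) -> str:
    """Signature over message.

    HMAC-SHA256 with a per-signer secret stands in for the ECDSA signatures a
    real validator would produce; the threshold logic below is the point.
    """
    return hmac.new(secret, message, hashlib.sha256).hexdigest()


@dataclass
class Bridge:
    """Minimal model of a threshold-signed bridge withdrawal check."""
    validator_secrets: dict[str, bytes]            # validator id -> its signing secret
    delegate_secrets: dict[str, bytes]             # delegate id -> its signing secret
    allowlist: dict[str, set[str]] = field(default_factory=dict)  # validator -> delegates allowed to sign for it
    threshold: int = 5                             # Ronin required 5 of 9 validator signatures

    def verify(self, message: bytes, claimed: str, signer: str, sig: str) -> bool:
        """Check one signature submitted on behalf of validator `claimed`."""
        if claimed not in self.validator_secrets:
            return False                           # not a validator at all
        if signer == claimed:
            secret = self.validator_secrets[claimed]
        elif signer in self.allowlist.get(claimed, set()):
            # delegated signing, as Axie DAO granted Sky Mavis in November 2021
            secret = self.delegate_secrets.get(signer)
            if secret is None:
                return False
        else:
            return False                           # no right to sign for this validator
        return hmac.compare_digest(sign(secret, message), sig)

    def approving_validators(self, message: bytes, signatures) -> set[str]:
        """Distinct validators whose approval is backed by a valid signature."""
        approved: set[str] = set()
        for claimed, signer, sig in signatures:
            if self.verify(message, claimed, signer, sig):
                approved.add(claimed)              # a set: one validator cannot vote twice
        return approved

    def approve_withdrawal(self, message: bytes, signatures) -> bool:
        return len(self.approving_validators(message, signatures)) >= self.threshold

    def revoke_delegation(self, validator: str, delegate: str) -> None:
        """The step that was never taken in December 2021."""
        self.allowlist.get(validator, set()).discard(delegate)


def build_bridge() -> tuple[Bridge, dict[str, bytes], bytes]:
    """Constructed validator set: 4 Sky Mavis validators, the Axie DAO validator
    and 4 partner validators (partner names are assumed for illustration)."""
    sky_mavis = {f"sky-mavis-{i}": secrets.token_bytes(32) for i in range(1, 5)}
    others = {"axie-dao": secrets.token_bytes(32)}
    others.update({f"partner-{i}": secrets.token_bytes(32) for i in range(1, 5)})
    rpc_secret = secrets.token_bytes(32)           # Sky Mavis's gas-free RPC signer (assumed name)
    bridge = Bridge(
        validator_secrets={**sky_mavis, **others},
        delegate_secrets={"sky-mavis-rpc": rpc_secret},
        allowlist={"axie-dao": {"sky-mavis-rpc"}},  # granted for the free-transaction scheme, never revoked
    )
    return bridge, sky_mavis, rpc_secret


def run_attack(revoke_first: bool) -> bool:
    """Replay the compromise: the attacker holds the 4 Sky Mavis validator secrets
    and the RPC signer. Returns whether the forged withdrawal is approved."""
    bridge, stolen_validator_secrets, stolen_rpc_secret = build_bridge()
    if revoke_first:
        bridge.revoke_delegation("axie-dao", "sky-mavis-rpc")
    message = b"withdraw 173600 ETH to 0xattacker"  # constructed withdrawal request
    signatures = [(v, v, sign(s, message)) for v, s in stolen_validator_secrets.items()]
    # the 5th vote: sign as Axie DAO through the still-allowlisted delegate
    signatures.append(("axie-dao", "sky-mavis-rpc", sign(stolen_rpc_secret, message)))
    return bridge.approve_withdrawal(message, signatures)


if __name__ == "__main__":
    print("allowlist left in place -> approved:", run_attack(revoke_first=False))
    print("delegation revoked      -> approved:", run_attack(revoke_first=True))
```

The practical point for anyone operating a multisig or validator set: a delegation or allowlist entry is a privilege with an expiry date that someone has to enforce. Revocation belongs in the same change ticket that grants the access, and an audit of who can sign for whom should be part of every incident review.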

The pieces of the puzzle come together, and this months-old hack keeps the ink flowing. The play-to-earn giant has taken the lesson on board. It has already expanded its network to 11 validators, begun reimbursing its users and restored the full flow of transfers in its ecosystem. The long-term goal is 100 validators. Beyond the Axie Infinity hack itself, the case revealed by The Block is also a reminder of the importance of security on social networks, borne out by the rising number of hacks since the start of 2022: Axie Infinity, consent, Optimism, Bored Ape Yacht Club.

