1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • An elaborate LinkedIn scam led to one of the largest heists in cr

    From TechnologyDaily@1337:1/100 to All on Thu Jul 7 14:15:04 2022
    An elaborate LinkedIn scam led to one of the largest heists in crypto history

    Date:
    Thu, 07 Jul 2022 13:00:24 +0000

    Description:
    It all started with a developer receiving a fake job offer.

    FULL STORY ======================================================================

    An elaborate LinkedIn scam was the source of one of the world's largest
    crypto heist, the victim has revealed.

    In a post-mortem article, the Ronin Network explained that an employee at Sky Mavis, the developer of the Axie Infinity Game (powered by Ronin's blockchain "bridge") was approached via LinkedIn with a fake job offer.

    The offer looked good, and the developer showed interest. They later went through a number of interview rounds, until eventually being offered a lucrative position. The scammers then abused the trust they had developed to infect the individual's device with malware . Elaborate social engineering

    Given that the developer was taken through multiple interview rounds, it
    would seem this was quite an elaborate scheme.

    When he was finally offered the job, he received a malware payload disguised as a .PDF file. With the help of that malware (which obviously wasnt picked
    up by any antivirus program ), the attackers managed to take control over
    four in nine validators for the Ronin Network.

    Validators are entities that approve the transactions on the network, and in order to withdraw the funds, the attackers needed five confirmations. They were one endpoint short. Read more

    The maker of Axie Infinity just suffered one of the largest heists in
    crypto history


    Hackers steal $100m from another breached crypto bridge


    Best identity theft protection of 2022

    Thats where the DAO (Decentralized Autonomous Organization) comes in. As further explained in the post-mortem, in November 2021, Sky Mavis asked the Axie DAO to help deal with a heavy transaction load that was occurring at the time.

    The Axie DAO allowlisted Sky Mavis to sign various transactions on its
    behalf. This was discontinued in December 2021, but the allowlist access was not revoked, said Sky Mavis in the blog post. Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator.

    The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin stolen, totalling $625 million in value. Some commentators suggested this was potentially the largest single heist in
    crypto history.

    Sky Mavis has since increased the number of validators to 11, with plans to bring that number up to 100. These are the best ransomware protection
    services right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/an-elaborate-linkedin-scam-led-to-one-of-the-la rgest-heists-in-crypto-history/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)