Summary
Hackers tricked a senior engineer at Axie Infinity into applying for a job at a fictitious company. After multiple rounds of interviews, the fake job offer, with an extremely generous compensation package, was delivered as a PDF file. The engineer downloaded it, which allowed spyware to infiltrate Ronin's systems. From there, the hackers were able to attack and take over four of the nine validators on the Ronin network, leaving them one validator short of the five-of-nine majority needed for total control of the bridge.
The hackers managed to use the Axie DAO, a group set up to support the gaming ecosystem, to complete the heist. Sky Mavis had asked the DAO for help dealing with a heavy transaction load in November 2021. "The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked," said Sky Mavis in the blog post. "Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator."
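The mechanism described above, a threshold bridge where a stale delegation turns four compromised validator keys into a passing five-of-nine quorum, can be modelled in a few lines. The code below is an added illustration and is not Sky Mavis or Ronin code; the validator names, the delegation record layout, the timestamps and the expiry rule are all assumptions made for the example.

```python
"""Toy model of a 5-of-9 threshold bridge with delegated signing authority.

Added example, not Sky Mavis / Ronin code. Validator names, the delegation
record format, the timestamps and the expiry rule are assumptions.
"""
from dataclasses import dataclass, field

THRESHOLD = 5
# Nine validators (constructed names). Assume the first five are operated by
# the bridge operator and the sixth belongs to a third-party DAO.
VALIDATORS = [f"validator-{i}" for i in range(1, 10)]
OPERATOR_VALIDATORS = VALIDATORS[:5]
DAO_VALIDATOR = VALIDATORS[5]
OPERATOR_KEY = "operator-signing-key"   # key the DAO allowlisted (assumed name)

# Constructed epoch timestamps: delegation ends Dec 2021, attack is in Mar 2022.
DELEGATION_EXPIRY = 1_640_908_800
ATTACK_TIME = 1_648_000_000


@dataclass
class Delegation:
    grantor: str      # validator whose signature the grantee may produce
    grantee: str      # key allowed to sign on the grantor's behalf
    expires_at: int   # delegation is void after this time


@dataclass
class Bridge:
    validators: list
    delegations: list = field(default_factory=list)
    enforce_expiry: bool = True   # False reproduces a "never revoked" allowlist

    def revoke(self, grantor: str, grantee: str) -> None:
        """Explicitly drop an allowlist entry (what the text says was not done)."""
        self.delegations = [d for d in self.delegations
                            if not (d.grantor == grantor and d.grantee == grantee)]

    def effective_signers(self, controlled_keys: set, now: int) -> set:
        """Distinct validators whose signature the holder of these keys can produce."""
        signers = {k for k in controlled_keys if k in self.validators}
        for d in self.delegations:
            if d.grantee in controlled_keys and d.grantor in self.validators:
                if self.enforce_expiry and now > d.expires_at:
                    continue   # stale allowlist entry is ignored
                signers.add(d.grantor)
        return signers

    def authorize_withdrawal(self, controlled_keys: set, now: int) -> bool:
        """A withdrawal passes only with THRESHOLD distinct validator signatures."""
        return len(self.effective_signers(controlled_keys, now)) >= THRESHOLD


def attacker_keys() -> set:
    """Attacker holds four of the operator's validator keys plus the operator
    signing key that the DAO allowlisted (constructed scenario)."""
    return set(OPERATOR_VALIDATORS[:4]) | {OPERATOR_KEY}


def scenario(enforce_expiry: bool, revoked: bool = False) -> bool:
    """Return whether the attacker's withdrawal is authorized under the given policy."""
    bridge = Bridge(validators=list(VALIDATORS), enforce_expiry=enforce_expiry)
    bridge.delegations.append(Delegation(DAO_VALIDATOR, OPERATOR_KEY, DELEGATION_EXPIRY))
    if revoked:
        bridge.revoke(DAO_VALIDATOR, OPERATOR_KEY)
    return bridge.authorize_withdrawal(attacker_keys(), ATTACK_TIME)


if __name__ == "__main__":
    print("stale allowlist honoured :", scenario(enforce_expiry=False))  # True
    print("expiry enforced          :", scenario(enforce_expiry=True))   # False
    print("entry revoked            :", scenario(enforce_expiry=False, revoked=True))  # False
```

The point of the model is the counting rule in `effective_signers`: four compromised validators alone never reach the threshold, but a delegation that is still honoured adds a fifth distinct signer. Either enforcing an expiry on the delegation or explicitly revoking it keeps the attacker at four.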