An elaborate LinkedIn scam led to one of the largest heists in crypto history

(Image credit: Gustavo Frazao / Shutterstock)

An elaborate LinkedIn scam was the source of one of the world's largest crypto heist, the victim has revealed.

In a post-mortem article, the Ronin Network explained that an employee at Sky Mavis, the developer of the Axie Infinity Game (powered by Ronin's blockchain "bridge") was approached via LinkedIn with a fake job offer. 

The offer looked good, and the developer showed interest. They later went through a number of interview rounds, until eventually being offered a lucrative position. The scammers then abused the trust they had developed to infect the individual's device with malware.

Elaborate social engineering

Given that the developer was taken through multiple interview rounds, it would seem this was quite an elaborate scheme.

When he was finally offered the job, he received a malware payload disguised as a .PDF file. With the help of that malware (which obviously wasn’t picked up by any antivirus program), the attackers managed to take control over four in nine validators for the Ronin Network.

Validators are entities that approve the transactions on the network, and in order to withdraw the funds, the attackers needed five confirmations. They were one endpoint short.

That’s where the DAO (Decentralized Autonomous Organization) comes in. As further explained in the post-mortem, in November 2021, Sky Mavis asked the Axie DAO to help deal with a heavy transaction load that was occurring at the time. 

“The Axie DAO allowlisted Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was not revoked,” said Sky Mavis in the blog post. “Once the attacker got access to Sky Mavis systems they were able to get the signature from the Axie DAO validator.”

The hack saw 173,600 ether (the native currency of the Ethereum blockchain) and 25.5 million USD Coin stolen, totalling $625 million in value. Some commentators suggested this was potentially the largest single heist in crypto history.

Sky Mavis has since increased the number of validators to 11, with plans to bring that number up to 100.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.