$540 million in crypto assets stolen in Axie Infinity phishing attack due to fake recruitment
The crypto industry has suffered a massive hack that originated from a fake job advertisement.
Ronin, the dedicated sidechain of Axie Infinity, suffered a major hack in March this year, resulting in a loss of $540 million in cryptocurrency. The incident is considered one of the largest hacks in the history of the cryptocurrency industry. Although the U.S. government later linked the incident to a North Korean hacking group, the specific methods of operation have not been fully disclosed.
The attack is reported to be closely tied to a fake job advertisement. According to reports, earlier this year a person claiming to represent a certain company contacted employees of Axie Infinity developer Sky Mavis through a professional social networking platform and encouraged them to apply for jobs. After multiple rounds of interviews, a Sky Mavis engineer landed a high-paying position.
Subsequently, the engineer received a forged job offer letter in PDF format. When the engineer downloaded and opened the document, the attacker's malicious software infiltrated Ronin's systems. The attacker then compromised and took control of four of the nine validators on the Ronin network, one step away from controlling the entire network.
Sky Mavis said in a follow-up statement that company employees are continually targeted by sophisticated phishing attacks across social channels, which ultimately led to one employee being compromised. This employee is no longer working at Sky Mavis. The attackers used the access they gained to infiltrate the company's IT infrastructure and take control of the validator nodes.
Ronin uses a "proof of authority" system for transaction signing, concentrating power in the hands of nine trusted validators. Blockchain analysis experts explain that funds can be transferred as long as five validators approve. The attacker managed to obtain the private keys of five validators and stole a large amount of crypto assets.
After infiltrating the Ronin systems through the fake recruitment advertisement, the attacker controlled four of the nine validators. To complete the attack, they still needed the approval of one more validator. Sky Mavis disclosed that the attacker ultimately exploited the Axie DAO (an organization supporting the gaming ecosystem) to carry out the attack. It turned out that Sky Mavis had requested the DAO's assistance in handling heavy transaction loads in November 2021, but the related access permissions were not revoked after that arrangement stopped in December 2021.
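An added example, not from the original article or from Sky Mavis: a small Python audit of the 5-of-9 approval scheme described above that counts how many validator signatures each organisation can obtain once delegated access is included, and flags delegations that were never revoked. The validator IDs, the partner names, the assignment of four validators to Sky Mavis and the delegation record format are constructed assumptions.

```python
from collections import defaultdict

THRESHOLD = 5  # approvals needed to move funds, as stated in the article

# Constructed inventory: validator -> organisation operating its key.
# Names other than Sky Mavis and Axie DAO are placeholders.
VALIDATORS = {
    "v1": "Sky Mavis", "v2": "Sky Mavis", "v3": "Sky Mavis", "v4": "Sky Mavis",
    "v5": "Axie DAO", "v6": "Partner A", "v7": "Partner B",
    "v8": "Partner C", "v9": "Partner D",
}

# Constructed delegation records: (validator, organisation allowed to obtain
# its signature, whether the business need for the delegation still exists).
DELEGATIONS = [("v5", "Sky Mavis", False)]


def signing_reach(validators, delegations):
    """Map each organisation to the validators whose signature it can obtain."""
    reach = defaultdict(set)
    for vid, operator in validators.items():
        reach[operator].add(vid)
    for vid, grantee, _needed in delegations:
        reach[grantee].add(vid)
    return reach


def audit(validators, delegations, threshold):
    """Return findings: stale delegations and single points of compromise."""
    findings = []
    for vid, grantee, needed in delegations:
        if not needed:
            findings.append(("STALE_DELEGATION", grantee, vid))
    for org, vids in sorted(signing_reach(validators, delegations).items()):
        if len(vids) >= threshold:
            # Compromising this one organisation is enough to approve transfers.
            findings.append(("QUORUM_IN_ONE_ORG", org, len(vids)))
        elif len(vids) == threshold - 1:
            findings.append(("ONE_SHORT_OF_QUORUM", org, len(vids)))
    return findings


if __name__ == "__main__":
    for finding in audit(VALIDATORS, DELEGATIONS, THRESHOLD):
        print(finding)
    print("after revoking:", audit(VALIDATORS, [], THRESHOLD))
```

Running the audit on a schedule against the live validator and allowlist inventory turns a forgotten temporary grant into a visible finding before it completes a quorum.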
A month after the hack, Sky Mavis increased the number of its validator nodes to 11 and stated that the long-term goal is to have over 100 nodes. The company secured $150 million in funding in early April to compensate affected users. Recently, Sky Mavis announced that it would start refunding users on June 28. The Ronin Ethereum bridge, which had been suspended because of the attack, was also restarted last week.
Security experts recommend that industry practitioners follow threat intelligence from major security platforms, conduct self-assessments, and remain vigilant. Developers should perform the necessary security checks before running executable programs. Implementing a zero-trust model can also effectively reduce the risk posed by such threats. Users of physical machines are advised to keep real-time protection in their security software enabled and to keep the virus database up to date.