On March 23, 2022, Sky Mavis, the developer of the popular blockchain-based video game Axie Infinity suffered a breach that caused the loss of hundreds of millions of dollars in assets. A company engineer targeted in a socially engineered phishing scheme accidentally downloaded malware through an infected PDF file and caused the company to get hacked out of more than $620 million in cryptocurrency.
Axie Infinity Breach Details: Spear Phishing with PDFs
Sky Mavis disclosed that the source of the breach was traced to an employee who was compromised by a sophisticated spear-phishing attack. The hackers disguised themselves as a fake company and contacted the engineer through LinkedIn, offering a high-paying position. The fraudsters took the scheme to the next level, holding several rounds of interviews with the unsuspecting candidate that resulted in a job offer. When the company sent the formal offer as a PDF, the Sky Mavis engineer thought nothing of opening the attached PDF file.
Unfortunately for Sky Mavis, that file was injected with malware that penetrated the company’s IT infrastructure. The hackers gained access to a series of validator nodes that allowed them to execute fake withdrawals, stealing more than $620 million worth of cryptocurrency.
The culprits behind the Axie Infinity Breach
Three weeks after the breach, the FBI formally attributed the attack to the Lazarus Group and APT38 – known hackers with ties to the Democratic People’s Republic of Korea (DPRK). North Korean hackers have a history of cryptocurrency heists, having stolen $400 million in at least seven attacks against cryptocurrency platforms in 2021 alone. The North Korean government is also known for carrying out financially-motivated cybercrime.
The outcome of the Axie Infinity Breach
According to the post-mortem published by Sky Mavis following the breach, the company guarantees to repay the stolen funds. The capital will come from a $150 million Sky Mavis funding round, company balance sheet assets, and personal funds from the core team. The company also commits to improving its security posture by boosting its tracking and monitoring systems, investing in employee awareness of phishing schemes, implementing additional validator nodes, and implementing a zero-trust security model. This approach assumes that every individual, account, or device attempting to connect to the company network or systems is suspicious and must be verified before granting access. By limiting access to the network, a Zero Trust Security model helps the organization contain breaches – even internal ones – and minimize potential damage.
How to Protect from Attachment-Based Phishing Attacks like the Axie Infinity Breach
The security issues seen in Axie Infinity’s hack are all too common. Companies lose hundreds of thousands of dollars in assets every year thanks to social engineering attacks like phishing. Since a primary attack vector is employees downloading malicious files sent in these phishing attacks, the best defense is to stop the files before they enter the organization’s network.
With Votiro Cloud, organizations can protect against hidden threats delivered via files without slowing down the regular course of business. Unlike detection-based file security solutions that scan for suspicious elements and block some malicious files, Votiro Cloud takes a Zero Trust approach to files by cleansing every file that enters an organization of malware – regardless of the channel it enters through. Votiro is able to do this quickly, accurately, and without detection by allowing through only the safe elements of each file.Votiro has sanitized more than 7 billions files for governments and private sector companies worldwide. To learn more about how Votiro’s innovative approach to file security can protect your organization from breaches like the one Axie Infinity suffered, click here.
*** This is a Security Bloggers Network syndicated blog from Votiro authored by Votiro. Read the original post at: https://votiro.com/blog/everything-we-know-about-the-axie-infinity-breach/