From: thepipeline_xyz
The Ronin blockchain company hack is considered one of the largest in history [00:00:53], resulting in approximately half a billion dollars in damages [00:01:00].
Background
Ronin, a blockchain company, developed a popular game called Axie [00:00:00]. Its parent company was Sky Mavis [00:00:04].
The Attack Vector
The hack originated when a DevOps engineer at Sky Mavis was phished with a job offer [00:00:10]. The engineer clicked on an executable file, which was the initial point of compromise [00:00:18].
Exploiting Multi-sig Vulnerability
A critical point of failure was that one person’s device had access to four keys for a multi-signature (multi-sig) system [00:00:20]. A multi-sig is like a door requiring multiple keys to unlock it; in this case, five out of nine total key holes were needed [00:00:31].
Through social engineering, attackers initially gained control of four of these keys from the compromised engineer’s device [00:00:41]. They then performed lateral movement, moving from the compromised device to another, to acquire the fifth necessary key [00:00:44]. With all five keys, they were able to compromise the system [00:00:50].
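As an added example (not from the original video or from Sky Mavis), this Python sketch audits where multi-sig keys are stored and reports how many devices would have to be compromised to reach the signing threshold. The device names and key layouts are constructed; the first mirrors the situation described above, with four keys on one device and a 5-of-9 threshold.

```python
from collections import Counter


def devices_to_threshold(key_locations, threshold):
    """Return the smallest set of devices whose keys together meet the threshold.

    key_locations maps key id -> the single device that stores it.
    """
    per_device = Counter(key_locations.values())
    held, devices = 0, []
    # Each key lives on exactly one device, so taking the largest holdings
    # first gives the minimum number of devices.
    for device, count in per_device.most_common():
        if held >= threshold:
            break
        held += count
        devices.append(device)
    if held < threshold:
        raise ValueError("threshold is larger than the number of keys")
    return devices


def audit(key_locations, threshold):
    """Summarise key concentration for an m-of-n multi-sig."""
    per_device = Counter(key_locations.values())
    largest_device, largest_count = per_device.most_common(1)[0]
    return {
        "devices_needed": len(devices_to_threshold(key_locations, threshold)),
        "largest_holder": largest_device,
        "keys_on_largest_holder": largest_count,
        "keys_still_needed_after_largest": max(threshold - largest_count, 0),
    }


# Constructed layout mirroring the incident: 9 keys, threshold 5,
# four keys reachable from one device (names are hypothetical).
CONCENTRATED = {f"key{i}": "engineer-laptop" for i in range(1, 5)}
CONCENTRATED.update({f"key{i}": f"host{i}" for i in range(5, 10)})

# Constructed comparison: one key per device.
SEPARATED = {f"key{i}": f"host{i}" for i in range(1, 10)}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("separated", SEPARATED)):
        print(name, audit(layout, threshold=5))
```

With the concentrated layout the 5-of-9 threshold falls after two devices; with one key per device it takes five.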
Scale and Impact
This hack, stemming from a seemingly innocuous office email, led to a substantial loss of approximately half a billion dollars [00:01:00] and exploited TBL [00:01:02].