From: thepipeline_xyz
One of the largest hacks in history involved the Ronin blockchain company, the parent company of which was Sky Mavis [00:00:04]. This company was behind the popular game, Axie [00:00:02].
The Compromise
The incident began when a Devops Engineer from Sky Mavis was fished through a deceptive job offer [00:00:10]. The engineer clicked on an executable file received as part of this offer [00:00:18].
Exploiting Multisignature Security
A critical point of failure was that this single compromised device gained access to four keys for a multi-signature (multisig) system [00:00:20]. A multisig system acts like a door requiring multiple keys to unlock it, in this case, five out of nine total keyholes were needed [00:00:31].
Through social engineering, the attackers were able to acquire four of the necessary keys from the initial compromise [00:00:41]. They then executed lateral movement, shifting from the compromised device to another, to obtain the fifth key [00:00:44].
The Outcome
With all five keys in their possession [00:00:50], the attackers were able to compromise the system. This hack resulted in an estimated loss of approximately half a billion dollars, making it potentially the largest hack in history [00:00:53]. The incident highlights how a seemingly simple phishing email can lead to catastrophic financial damage [00:01:00].