From: thepipeline_xyz
Phishing and social engineering are common tactics used by attackers to gain unauthorized access to systems or funds [00:00:10]. These methods often exploit human vulnerabilities rather than technical ones.
Case Study: Ronin Network Hack
A notable example of a phishing and social engineering attack is the compromise of the Ronin blockchain company, known for its popular game Axi [00:00:00].
- Initial Compromise: A devops engineer at Sky Mavis, Ronin’s parent company, was phished with a job offer [00:00:10]. The engineer reportedly clicked an executable file received as part of this fake job offer [00:00:16].
- Key Acquisition: This single point of failure allowed the attacker to gain access to the engineer’s device [00:00:20]. From there, through social engineering, they were able to obtain four keys for a multi-signature wallet [00:00:26]. A multi-signature wallet functions like a door requiring multiple keys to unlock it; in this instance, five out of nine keys were needed [00:00:31].
- Lateral Movement: The attackers then performed “lateral movement,” transitioning from the compromised engineer’s device to another system to acquire a fifth key [00:00:44].
- Massive Exploitation: With all five required keys, the attackers successfully compromised the system, leading to what may be the largest hack in history, resulting in approximately half a billion dollars in damages [00:00:52]. This extensive damage originated from a seemingly innocuous office email [00:01:00].