From: thepipeline_xyz
A significant incident demonstrating the dangers of social engineering and phishing attacks involved a blockchain company called Ronin, which was affiliated with Sky Mavis, the parent company behind the popular game Axie [00:00:00].
The Ronin/Sky Mavis Hack
The hack, which could be the largest in history, originated from a seemingly innocuous phishing attempt [00:00:53].
Attack Vector
- Initial Compromise: One of Sky Mavis’s DevOps Engineers was targeted with a fake job offer, a common tactic in phishing scams in the crypto industry [00:00:10].
- Malware Delivery: The engineer reportedly clicked on an executable file contained within the job offer email [00:00:18]. This single action created a critical point of failure, allowing the attacker to gain access to the employee’s device [00:00:20].
Exploiting the Multi-Sig Wallet
The Ronin system utilized a multi-signature (multi-sig) wallet, which acts like a “door with many keys” [00:00:31]. To unlock it, five out of nine total keys were required [00:00:34].
- Gaining Initial Keys: Through the compromised device and further social engineering, the attackers managed to obtain four of the necessary keys [00:00:41].
- Lateral Movement: The attackers then performed “lateral movement,” migrating from the initially compromised device to another to acquire an additional key [00:00:44].
- Full Access: With all five required keys in hand, the attackers were able to compromise the system [00:00:50].
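The key steps above show why a 5-of-9 threshold only protects as far as the keys sit in separate places. The following is an added example, not taken from the source video or from Ronin's systems: a small custody audit that computes how many separate footholds are actually needed to reach the signing threshold. The host names and the key-to-host placement are constructed assumptions chosen to mirror the four-plus-one pattern described.

```python
from itertools import combinations

# Constructed custody map (assumption, not from the source): the signing keys
# that become reachable once a given host or account is compromised.
CONCENTRATED = {
    "devops-laptop": {"k1", "k2", "k3", "k4"},
    "partner-service": {"k5"},
    "hsm-a": {"k6"},
    "hsm-b": {"k7"},
    "hsm-c": {"k8"},
    "hsm-d": {"k9"},
}

# Same nine keys, each held in its own custody domain (also constructed).
ISOLATED = {f"signer-{i}": {f"k{i}"} for i in range(1, 10)}


def min_compromises(reachable, threshold):
    """Return (count, footholds) for the smallest set of footholds whose
    combined keys meet the threshold, or (None, ()) if it cannot be met."""
    names = sorted(reachable)
    for size in range(1, len(names) + 1):
        for combo in combinations(names, size):
            keys = set().union(*(reachable[n] for n in combo))
            if len(keys) >= threshold:
                return size, combo
    return None, ()


def audit(reachable, threshold):
    """Compare the nominal threshold with the effective number of footholds
    and list custody domains that expose more than one key."""
    effective, footholds = min_compromises(reachable, threshold)
    return {
        "nominal": threshold,
        "effective": effective,
        "footholds": footholds,
        "multi_key_domains": sorted(n for n, k in reachable.items() if len(k) > 1),
    }


if __name__ == "__main__":
    for label, layout in (("concentrated", CONCENTRATED), ("isolated", ISOLATED)):
        print(label, audit(layout, threshold=5))
```

A gap between `nominal` and `effective` is the finding to act on: every entry in `multi_key_domains` is a place where one compromise yields several signatures.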
Impact
The hack resulted in approximately half a billion dollars in damages [00:01:00], making it potentially the largest hack in history, all stemming from a single phishing email [00:00:53]. This incident highlights the significant impact of the 650 million hack and how a simple act of clicking on a malicious link can lead to catastrophic financial losses.