From: thepipeline_xyz
Social engineering and phishing attacks are significant attack vectors used to compromise digital assets. A notable example of such an attack is the hack of Ronin, a blockchain company associated with the popular game Axie, operated by its parent company Sky Mavis [00:00:00].
Case Study: The Ronin Bridge Hack
In this incident, a devops engineer at Sky Mavis was compromised through a phishing attempt [00:00:10]. The attack unfolded as follows:
- Phishing Vector: The engineer received a fraudulent job offer via email [00:00:13]. It is believed they clicked on an executable file contained within this deceptive offer [00:00:18].
- Initial Compromise and Access Vulnerabilities: A critical access vulnerability was exploited: the engineer’s device, once compromised, provided access to four keys for a multi-signature (multi-sig) wallet [00:00:20]. A multi-sig acts like a door requiring multiple keys to unlock; in this case, five out of nine keys were needed [00:00:28].
- Social Engineering and Lateral Movement: Through the initial compromise, the attackers leveraged social engineering to obtain four of the necessary keys [00:00:41]. They then performed lateral movement, shifting from the initially compromised device to another to acquire a fifth key [00:00:44]. With all five keys in hand, they gained full control [00:00:50].
- Impact: This successful attack, stemming from a seemingly innocuous official email, resulted in significant damage, reportedly costing about half a billion dollars [00:01:00]. It is considered one of the largest hacks in history [00:00:56].
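The multi-sig point above can be turned into a custody audit: what protects a 5-of-9 wallet is the number of separate devices that must be compromised to reach five keys, not the number five itself. The following is an added example, not code from the original summary or from Sky Mavis; the host names, key labels and both inventories are constructed for illustration.

```python
from itertools import combinations

def min_hosts_to_threshold(key_access, threshold):
    """Smallest set of hosts whose combined key access meets the threshold.

    key_access maps a host name to the set of signer keys reachable from it.
    A key reachable from several hosts is counted once.
    Returns (host_count, hosts) or (None, ()) if the threshold is unreachable.
    """
    hosts = sorted(key_access)
    for size in range(1, len(hosts) + 1):
        for combo in combinations(hosts, size):
            reachable = set().union(*(key_access[h] for h in combo))
            if len(reachable) >= threshold:
                return size, combo
    return None, ()

def concentrated_hosts(key_access):
    """Hosts that can reach more than one signer key (custody concentration)."""
    return sorted(h for h, keys in key_access.items() if len(keys) > 1)

THRESHOLD = 5  # five of nine keys, as described in the case study

# Constructed inventory mirroring the incident's shape: one device reaches
# four keys, every other key sits on its own host.
CONCENTRATED = {
    "devops-laptop": {"k1", "k2", "k3", "k4"},
    "signer-5": {"k5"}, "signer-6": {"k6"}, "signer-7": {"k7"},
    "signer-8": {"k8"}, "signer-9": {"k9"},
}

# Constructed corrected layout: each key is reachable from exactly one host.
SEPARATED = {f"signer-{i}": {f"k{i}"} for i in range(1, 10)}

if __name__ == "__main__":
    for name, inventory in (("concentrated", CONCENTRATED), ("separated", SEPARATED)):
        count, hosts = min_hosts_to_threshold(inventory, THRESHOLD)
        print(f"{name}: nominal threshold {THRESHOLD} keys, "
              f"effective threshold {count} hosts {hosts}")
        print(f"  hosts reaching more than one key: {concentrated_hosts(inventory)}")
```

In the concentrated layout the effective threshold drops to two devices, which matches the initial compromise plus one lateral move described above.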