Hackers pulled off a $620 million crypto heist by tricking an engineer into applying for
Scammers used an elaborate fake job scheme to steal over $600 million in crypto from the online NFT-based game Axie Infinity, The Block reported Wednesday.
The hackers, who the US Treasury linked to North Korea’s notorious Lazarus Group, posed as job recruiters on Linkedin and tricked a senior engineer at the game’s developer, Sky Mavis, into going through “multiple rounds of interviews” for a position that did not exist, sources told the outlet.
They then sent the engineer a fabricated offer letter with “an extremely generous compensation package” that was laced with
, The Block reported.
Once downloaded, the hackers could access Axie Infinity’s blockchain network known as “Ronin,” where users transferred Ethereum-based digital currencies in and out of the game.
The security breach, which the company first disclosed back in March, is believed to be one of the largest crypto heists in the world.
However, experts told Insider in April that the cyberattack shouldn’t be a deterrent to widespread crypto adoption, as the heist was largely due to human error and a lack of cybersecurity rather than a flaw in blockchain technology itself.
In May, the US Treasury sanctioned the virtual currency mixer Blender.io, which the department alleged was used to obscure the source of over $20.5 million of the cryptocurrency stolen from Axie Infinity.
“Virtual currency mixers that assist illicit transactions pose a threat to US national security interests,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in a statement. “We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
Read More: Hackers pulled off a $620 million crypto heist by tricking an engineer into applying for