How did a fake offer steal $540 million from "Axie Infinity"?
2022-07-07 23:43:00 【Safety brother】
Original title: How did a fake job offer steal $540 million from 「Axie Infinity」?
Before the article proper begins, you can review how Ronin, the Axie Infinity sidechain, was attacked, as a warm-up for the story.
Extended reading: The biggest security incident of 2022: a brief analysis of the Ronin cross-chain bridge attack
The key point of the incident is this: if five of the nine validators approve, funds can be transferred out of the bridge. The attacker managed to obtain the private keys of 5 validators, which was enough to steal the crypto assets.
How did the attacker get those private keys? There are now new revelations about the incident.
Earlier this year, hackers deceived a senior Axie Infinity engineer into applying for a job at a fictitious company, which eventually led to Axie Infinity losing $540 million worth of cryptocurrency. Below are the details of the Axie Infinity hack as reported by The Block.
Few job-hunting experiences are more dramatic than that of a senior Axie Infinity engineer. His interest in joining a fictitious company eventually led to one of the largest hacks in the crypto industry.
Last November, daily active users of the NFT game Axie Infinity reached 2.7 million, and weekly trading volume reached $214 million (both figures have since fallen sharply).
In March this year, Ronin, the Ethereum sidechain of the leading play-to-earn (P2E) blockchain game Axie Infinity, lost $540 million worth of cryptocurrency. Although the US government later linked the incident to the North Korean hacking group Lazarus, the full details of how the attack was carried out have not been disclosed. What actually compromised Ronin was a fake job advertisement. According to two people familiar with the matter, a senior Axie Infinity engineer was tricked into applying for a position at a company that did not actually exist. Because of the sensitivity of the matter, both requested anonymity.
According to one person familiar with the matter, earlier this year people claiming to represent the fake company contacted employees of Sky Mavis, the developer of Axie Infinity, via LinkedIn and WhatsApp, luring them with a new job opportunity. According to a source, after several rounds of interviews, a Sky Mavis engineer was offered a very well paid job.
The fake offer was sent as a PDF file, and the engineer downloaded it; this let the Trojan horse penetrate Ronin's systems. From then on, the hackers were able to attack and take over 4 of the 9 validators on the Ronin network, one validator short of full control.
Sky Mavis analyzed the hack in a blog post published on April 27, which said: "Employees are under constant advanced phishing attacks on various social channels, and one employee was compromised. This employee no longer works at Sky Mavis. The attacker successfully used this access to infiltrate Sky Mavis's IT infrastructure and gain access to the validator nodes."
(How to prevent phishing attacks: Practical tips | Phishing sites are "invading" Web3; these anti-fraud skills must be learned!)
Validators perform various functions on a blockchain, including creating transaction blocks and updating data oracles. Ronin uses a so-called "proof of authority" system to sign transactions, which concentrates power in the hands of 9 trusted validators.
But after penetrating Ronin's systems through the fake job advertisement, the hackers controlled only 4 of the 9 validators, which means they needed one more to control the Ronin system.
In its post-mortem analysis, Sky Mavis said the hackers used the Axie DAO (an organization that supports the game's ecosystem) to complete the theft. In November 2021, Sky Mavis had asked the Axie DAO to help deal with transaction load problems.
"The Axie DAO allowed Sky Mavis to sign various transactions on its behalf. This was discontinued in December 2021, but the allowlist access was never revoked," Sky Mavis wrote in the blog post. "Once the attacker got access to Sky Mavis's systems, they were able to obtain the signature from the Axie DAO validator."
A month after the hack, Sky Mavis increased the number of validator nodes to 11 and said in the blog post that its long-term goal is to exceed 100.
Three months after the attack, Chengdu LianAn's continued on-chain monitoring found that the Ronin Network attacker's addresses had transferred out almost 100% of the stolen funds.
Axie Infinity also began returning user funds on June 28, and the Ronin Ethereum bridge, which was abruptly halted when the hack occurred, has also been restarted.
Nevertheless, this attack on Axie Infinity offers a lot to learn from. Chengdu LianAn gives the following suggestions for cross-chain bridge projects of this kind:
1. Pay attention to the security of the signing servers;
2. When a signing service goes offline, update the policy promptly, shut down the corresponding service module, and consider retiring the corresponding signing account address;
3. In multi-signature verification, the individual signing services should be logically isolated and each should independently verify the content it signs; some validators must not be able to request signatures from other validators directly, without verification;
4. The project team should monitor the project's funds for abnormal activity in real time.
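As an added illustration (not code from Sky Mavis, Ronin, or Chengdu LianAn), the Python model below replays the structure described above, a 5-of-9 threshold plus an unrevoked signing delegation, and shows how recommendations 2 and 3 each stop the fifth signature, with recommendation 4 as a simple outflow monitor. HMAC-SHA256 stands in for real validator ECDSA keys, and the validator names, keys, ledger balances, withdrawal request and limit are all constructed for the example.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, field

THRESHOLD = 5          # signatures needed to release funds (the 5-of-9 rule)
N_VALIDATORS = 9


def canonical(withdrawal: dict) -> bytes:
    """Deterministic byte encoding so every signer signs exactly the same message."""
    return json.dumps(withdrawal, sort_keys=True, separators=(",", ":")).encode()


@dataclass
class Validator:
    name: str
    key: bytes                                   # constructed signing key; HMAC stands in for ECDSA
    ledger: dict = field(default_factory=dict)   # this validator's own view of locked deposits per user
    delegates: set = field(default_factory=set)  # parties allowed to request a signature on its behalf
    independent_check: bool = True               # verify a request against own ledger before signing?

    def sign(self, withdrawal: dict) -> bytes:
        return hmac.new(self.key, canonical(withdrawal), hashlib.sha256).digest()

    def check(self, signature: bytes, withdrawal: dict) -> bool:
        return hmac.compare_digest(signature, self.sign(withdrawal))

    def handle_request(self, requester: str, withdrawal: dict):
        """Return a signature or None. The weak pattern is an allowlisted delegate plus no check."""
        if requester not in self.delegates:
            return None                          # delegation revoked or never granted (recommendation 2)
        if self.independent_check:
            locked = self.ledger.get(withdrawal["user"], 0)
            if locked < withdrawal["amount"]:
                return None                      # request contradicts what this validator knows (recommendation 3)
        return self.sign(withdrawal)


def count_valid(validators, withdrawal: dict, signatures: dict) -> int:
    """Number of distinct validators whose signature over the withdrawal verifies."""
    by_name = {v.name: v for v in validators}
    return sum(1 for name, sig in signatures.items()
               if name in by_name and by_name[name].check(sig, withdrawal))


def bridge_accepts(validators, withdrawal: dict, signatures: dict) -> bool:
    return count_valid(validators, withdrawal, signatures) >= THRESHOLD


def simulate(revoke_delegation: bool, independent_check: bool) -> dict:
    """Replay the incident pattern: 4 stolen validator keys plus one delegated signer."""
    validators = [Validator(f"v{i}", f"key-{i}".encode()) for i in range(N_VALIDATORS)]
    dao = validators[4]                          # stands in for the Axie DAO validator
    dao.delegates = set() if revoke_delegation else {"sky_mavis"}
    dao.independent_check = independent_check
    # constructed request: the attacker's address holds no deposits in any validator's ledger
    withdrawal = {"user": "0xATTACKER", "amount": 100_000, "asset": "ETH", "nonce": 1}
    sigs = {v.name: v.sign(withdrawal) for v in validators[:4]}   # compromised keys sign directly
    dao_sig = dao.handle_request("sky_mavis", withdrawal)          # request made from inside Sky Mavis
    if dao_sig is not None:
        sigs[dao.name] = dao_sig
    return {"valid_signatures": count_valid(validators, withdrawal, sigs),
            "accepted": bridge_accepts(validators, withdrawal, sigs)}


def flag_anomalies(withdrawals, limit: int) -> list:
    """Real-time fund monitoring (recommendation 4): flag withdrawals above a constructed limit."""
    return [w for w in withdrawals if w["amount"] > limit]


if __name__ == "__main__":
    print("delegation kept, delegate signs on request:", simulate(False, False))   # accepted
    print("delegation revoked:", simulate(True, False))                            # rejected
    print("delegate verifies independently:", simulate(False, True))               # rejected
    print("flagged:", flag_anomalies([{"amount": 10}, {"amount": 100_000}], 1_000))
```

The point of the model is that the fifth signature is produced by a validator that never looks at what it is signing; either revoking the delegation once it is no longer needed or having the delegate verify the withdrawal against its own ledger leaves the attacker at four signatures, below the threshold.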