Threat Management, Email security, Vulnerability Management

Significant Axie Infinity hack examined

Threatpost reports that North Korean APT hackers were able to steal $540 million from blockchain gaming platform Axie Infinity in a spear-phishing attack after gaining access to the private keys of most of the platform's nine validator nodes. Four of the nodes compromised by attackers were owned by the Ronin Network, where Axie operates, while Axie DAO owns the fifth, noted publication The Block. While the use of relatively few validators is common in Axie and other permissioned chains, problems lay on the concentration of the validators in a single repository, according to Kudelski Security Vice President of Innovation Ryan Spanier. "The validators were not well distributed between independent organizations, which means the attacker only truly had to compromise one organization. Essentially, they had a decentralized blockchain model but were vulnerable to a centralized threat vector," Spanier added. Meanwhile, Cofense Director of Threat Intelligence Mollie MacDougall said that the Axie hack should prompt the adoption of effective phishing defense programs in blockchain platforms.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.