Threatpost reports that North Korean APT hackers were able to steal $540 million from blockchain gaming platform Axie Infinity in a spear-phishing attack after gaining access to the private keys of most of the platform's nine validator nodes.
Four of the nodes compromised by attackers were owned by the Ronin Network, where Axie operates, while Axie DAO owns the fifth, The Block noted. While the use of relatively few validators is common in Axie and other permissioned chains, the problem lay in the concentration of the validators in a single repository, according to Kudelski Security Vice President of Innovation Ryan Spanier.
"The validators were not well distributed between independent organizations, which means the attacker only truly had to compromise one organization. Essentially, they had a decentralized blockchain model but were vulnerable to a centralized threat vector," Spanier added.
Meanwhile, Cofense Director of Threat Intelligence Mollie MacDougall said that the Axie hack should prompt the adoption of effective phishing defense programs in blockchain platforms.
Cybercrime operation Gold Melody, also known as UNC961 and Prophet Spider, has been discovered by SecureWorks Counter Threat Unit researchers to be an initial access broker peddling compromised network access for further attacks, according to The Hacker News.