A North Korean advanced persistent threat group has been linked to a March cyberattack that targeted the gaming platform Axie Infinity. According to security researchers, Axie Infinity suffered losses of $540 million after the attackers conducted a spear-phishing attack that allowed them access to in-game non-fungible tokens. A recent report in The Block details how the hackers took control of private keys linked to four validator nodes belonging to the Ronin Network. Axie Infinity runs on the Ronin Network and uses it for operations such as trading coins. The second node belongs to Axie DAO, which is a decentralized organization supporting the game ecosystem.
Since Ronin is supported by nine validators, the attacker held majority control over the network after obtaining access to five. Axie and Ronin are both developed by Sky Mavis, according to researchers. Both rely on a relatively small number of validators to operate. The problem, however, is that all of the validators are concentrated in one place, meaning that the attacker only had to compromise one organization. Once they had majority control, the attackers effectively wrote checks to themselves, stealing millions of dollars in Ethereum and USD Coin. Although the attack had already been attributed to North Korean threat actors, it was unclear until the recent report how the attackers gained control over the validators.
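
The concentration problem described above can be audited mechanically. The following is an added example, not code from the report or from Sky Mavis: it computes the fewest organizations whose compromise yields signing access to a majority of validators. The validator and organization names, and the mapping of who can sign for which validator, are constructed placeholders.

```python
from itertools import combinations

THRESHOLD = 5  # from the article: five of nine validators is a majority

def org_reach(access):
    """Count how many validators each organization can make sign."""
    reach = {}
    for orgs in access.values():
        for org in orgs:
            reach[org] = reach.get(org, 0) + 1
    return reach

def min_orgs_to_reach_threshold(access, threshold):
    """Return (k, orgs): the smallest set of organizations whose joint
    compromise gives signing access to at least `threshold` validators.

    `access` maps validator id -> set of organizations able to make that
    validator sign (key custody or delegated signing rights).
    Returns None if all organizations together still fall short.
    Exhaustive search; fine for the small validator sets discussed here.
    """
    orgs = sorted(org_reach(access))
    for k in range(1, len(orgs) + 1):
        for combo in combinations(orgs, k):
            chosen = set(combo)
            reachable = sum(1 for who in access.values() if who & chosen)
            if reachable >= threshold:
                return k, combo
    return None

# Constructed layout mirroring the article: five validators reachable
# through one organization ("org-a" is a placeholder name).
CONCENTRATED = {
    "v1": {"org-a"}, "v2": {"org-a"}, "v3": {"org-a"}, "v4": {"org-a"},
    "v5": {"org-a", "org-b"},  # assumption: org-b's validator is also drivable via org-a
    "v6": {"org-c"}, "v7": {"org-d"}, "v8": {"org-e"}, "v9": {"org-f"},
}

# Hypothetical alternative: no organization reaches more than two validators.
DISTRIBUTED = {
    "v1": {"org-a"}, "v2": {"org-a"}, "v3": {"org-b"}, "v4": {"org-b"},
    "v5": {"org-c"}, "v6": {"org-c"}, "v7": {"org-d"}, "v8": {"org-e"},
    "v9": {"org-f"},
}

if __name__ == "__main__":
    for name, layout in (("concentrated", CONCENTRATED), ("distributed", DISTRIBUTED)):
        k, orgs = min_orgs_to_reach_threshold(layout, THRESHOLD)
        print(f"{name}: {k} organization(s) suffice: {', '.join(orgs)}")
```

A result of 1 means the nominal 5-of-9 threshold offers no more protection than the security of a single organization.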