This is an update to the previous story covering what is now the 2nd largest crypto crime ever, a hack of over $600 million taking place on Ethereum layer 2 Ronin Network
The following comes from Axie Infinity Co-Founder and COO Alexander Leonard Larsen...
"Been an intense 36 hours
Been working with the Sky Mavis board and key cybersecurity personnel to get a complete overview of the situation
Our internal network is currently going through a deep forensics review to ensure there is no lingering threat
This was a social engineering attack combined with a human error from December 2021.
Tech is solid and we will be adding several new validators shortly to further decentralize the network.
We are committed to ensuring that all of the drained funds are recovered or reimbursed, and we are continuing conversations with our stakeholders to determine the best course of action.
Very proud of how my teammates have handled the situation so far.
Focusing on what we can solve and dealing with the problems one at a time.
Also a very grateful for all the positive vibes in the community.
We rise to the occasion together
More to follow"
Some important pieces of information here...
First off - the cause being a 'social engineering attack' - in other words, someone on the inside fell for a scam.
This can be a number of things from downloading an e-mail attachment that silently installed spyware allowing the attacker to gain passwords, private keys, or anything else typed or pasted on that computer.
Or in some cases of social engineering the attacker is bold enough to call the target, hearing a real person on the other end is often immediately given more trust than an e-mail. They can pose as another employee, usually pretending to be someone in management and targeting the lowest ranking person with access. Or even an actual person in management being targeted by pretending to be from a government entity.
Secondly, the claim that there are no security holes in their network. If the above is true, this very well may be true - no security holes needed when someone gave up their password.
Lastly - those effected can breathe a sign of relief - they are committed to reimbursing ALL of the 'drained funds'.
-----------
Author: Ross Davis
Silicon Valley Newsroom
GCP |