The breathlessly reported Axie Infinity/ Ronin bridge hack is probably a fake.

The breathlessly reported Axie Infinity/ Ronin bridge hack, with its alleged connection to North Korea and lavish coverage by numerous media outlets, is probably a fake.

The latest report on the Axie Infinity/ Ronin bridge hack is too good to be true. And with the FBI claiming that a North Korean-sponsored hacking group is responsible for it, it's even harder to believe. "A senior engineer at Axie Infinity was duped into applying for a job at a company that, in reality, did not exist."

Axie Infinity is an Ethereum sidechain that exclusively serves the Ronin Network. The play-to-earn game was one of the bull market's biggest success stories, and it has a thriving internal economy and an international audience. Sky Mavis is behind Axie Infinity, and one of its programmers fell victim to the simplest social engineering trick in the book.

Chainalysis, a surveillance firm, estimates that in the year 2021 alone, North Korean hackers stole over $400M. The FBI says they were responsible for the Axie Infinity/ Ronin hack; they traced the funds to wallets associated with Lazarus. This is how The Block's article continues the story.

The FBI was extremely clear in its statement quoted here when it said that, "We have been able to link the theft of $2 billion worth of AXIE, a cryptocurrency created by the North

“Through our investigation we were able to confirm Lazarus Group and APT38, cyber actors associated with the DPRK, are responsible for the theft of $620 million in Ethereum reported on March 29th.”

In 2021, they set a record for the most money collected from a single operation.

How did the Axie Infinity/ Ronin hack happen?

In a nutshell, the story behind the hack is hilarious. As The Block puts it:

“Earlier this year, staff at Axie Infinity developer Sky Mavis were approached by people purporting to represent the fake company and encouraged to apply for jobs, according to the people familiar with the matter.”

Sky Mavis’ developer was offered a lucrative salary after the last interview. When he accepted the offer, everything went wrong, and it was all his fault.

“The fake “offer” was delivered in the form of a PDF document, which the engineer downloaded — allowing spyware to infiltrate Ronin’s systems. From there, hackers were able to attack and take over four out of nine validators on the Ronin network — leaving them just one validator short of total control.”

The hackers completed the attack by taking over one more entity. The Ronin bridge operators' postmortem explains what happened next: "Axie DAO" had earlier allowed "Sky Mavis" to sign various transactions on its behalf, and that permission had never been revoked; the hackers used it to obtain the fifth signature they needed.

“The attacker managed to get control over five of the nine validator private keys — 4 Sky Mavis validators and 1 Axie DAO — in order to forge fake withdrawals. This resulted in 173,600 Ethereum and 25.5M USDC drained from the Ronin bridge in two transactions.”
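To make the 5-of-9 arithmetic concrete, here is an added toy model (not Ronin's contract code and not from the postmortem) of a threshold-validated bridge withdrawal with a delegation allowlist. Validator "keys" are HMAC secrets standing in for real signing keys, the validator names are constructed, and the expiring-delegation mechanism is an assumption added to show the check that would have closed the gap: four compromised keys plus a stale delegation reach the threshold, while the same four keys with an expired delegation do not.

```python
"""Toy model of a threshold-validated bridge withdrawal with delegated signing.

Constructed example: validator "keys" are HMAC secrets, not ECDSA keys, and the
delegation/allowlist with expiry is an assumption, not Ronin's actual design.
"""
import hashlib
import hmac
import json


def canonical(withdrawal: dict) -> bytes:
    """Deterministic encoding so every validator signs identical bytes."""
    return json.dumps(withdrawal, sort_keys=True, separators=(",", ":")).encode()


def sign_withdrawal(secret: bytes, withdrawal: dict) -> str:
    """HMAC stand-in for a validator's signature over the withdrawal."""
    return hmac.new(secret, canonical(withdrawal), hashlib.sha256).hexdigest()


class BridgeValidatorSet:
    def __init__(self, validators: dict, threshold: int):
        self.secrets = dict(validators)   # validator id -> signing secret
        self.threshold = threshold
        self.delegations = {}             # principal -> {delegate: expires_at_block}

    def allow(self, principal: str, delegate: str, expires_at_block: int) -> None:
        """Let `delegate` sign on behalf of `principal` until a given block."""
        self.delegations.setdefault(principal, {})[delegate] = expires_at_block

    def revoke(self, principal: str, delegate: str) -> None:
        self.delegations.get(principal, {}).pop(delegate, None)

    def may_sign_for(self, signer: str, principal: str, block: int) -> bool:
        if signer == principal:
            return True
        expiry = self.delegations.get(principal, {}).get(signer)
        return expiry is not None and block <= expiry

    def verify_withdrawal(self, withdrawal: dict, signatures: list, block: int):
        """signatures: list of (principal, signer, sig).

        Returns (approved, set of principals whose approval was counted).
        A principal is counted once, whoever physically signed for it.
        """
        counted = set()
        for principal, signer, sig in signatures:
            if principal not in self.secrets or signer not in self.secrets:
                continue  # unknown validator or delegate
            if not self.may_sign_for(signer, principal, block):
                continue  # no live delegation covering this signer
            expected = sign_withdrawal(self.secrets[signer], withdrawal)
            if hmac.compare_digest(expected, sig):
                counted.add(principal)
        return len(counted) >= self.threshold, counted


def build_ronin_like_set() -> BridgeValidatorSet:
    """Nine constructed validators: five operator-run, three third-party, one DAO."""
    validators = {f"sky-mavis-{i}": f"sm-secret-{i}".encode() for i in range(1, 6)}
    validators.update({f"third-party-{i}": f"tp-secret-{i}".encode() for i in range(1, 4)})
    validators["axie-dao"] = b"axie-dao-secret"
    return BridgeValidatorSet(validators, threshold=5)


def replay_scenario(delegation_expired: bool):
    """Four compromised operator keys plus one delegated signature.

    With the delegation still live the forged withdrawal clears 5-of-9; once
    the delegation has expired the same signatures stop at 4.
    """
    vset = build_ronin_like_set()
    # Constructed: the DAO once allowed sky-mavis-1 to sign for it, until block 1000.
    vset.allow("axie-dao", "sky-mavis-1", expires_at_block=1_000)
    block = 5_000 if delegation_expired else 500
    withdrawal = {"to": "0xCONSTRUCTED_RECIPIENT", "asset": "ETH", "amount": 173_600}
    held_keys = [f"sky-mavis-{i}" for i in range(1, 5)]       # 4 of the 9 keys
    sigs = [(v, v, sign_withdrawal(vset.secrets[v], withdrawal)) for v in held_keys]
    # Fifth approval: sky-mavis-1's key used on behalf of axie-dao via the allowlist.
    sigs.append(("axie-dao", "sky-mavis-1",
                 sign_withdrawal(vset.secrets["sky-mavis-1"], withdrawal)))
    return vset.verify_withdrawal(withdrawal, sigs, block)


if __name__ == "__main__":
    for expired in (False, True):
        approved, counted = replay_scenario(expired)
        print(f"delegation expired={expired}: approved={approved}, counted={sorted(counted)}")
```

The defensive point is in `may_sign_for`: a delegation that carries an expiry (or is revoked the moment the delegating party no longer needs it) turns the fifth approval into a rejected one, so an attacker holding four keys is left exactly where a 5-of-9 scheme intends. Auditing who may sign for whom, and since when, is cheaper than rotating nine keys after the fact.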

Did Lazarus' operators orchestrate such a Hollywoodesque attack? Or is the comedic modus operandi pointing to other perpetrators?

Previous Reporting on the Ronin Breach

To finish the story and provide extra detail, let's refer to the archival material. When the breach occurred, NewsBTC reported it as:

“On March 23, cybercriminals exploited The Ronin Bridge Network, and the hackers looted over $625 million worth of assets. The assets comprise 25.5 million USDC and over 173,600 ether. A report on their blog revealed this data.”

Axie Infinity and Sky Mavis's solution to the problem was discussed in detail:

“The latest move announced is a $1 million bug bounty program that invites white hat hackers to stress test the blockchain. Co-Founder and COO of Sky Mavis and Axie announced: “Calling all whitehats in the blockchain space. The Sky Mavis Bug Bounty program is here. Help us keep the Ronin Network secure while earning a bounty up to $1,000,000 in bounty for fatal bugs.””

Bitcoinist described the features of the new bridge after it was restored.

“In addition to the two independent audits on its smart contracts, the Ronin Bridge’s new design has implemented a new “circuit-breaker” feature. This was directly added to prevent a bad actor from replicating the previous attack or exploiting any potential new attack vector.”
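The quote says a "circuit-breaker" was added but not how it decides to trip. As an added illustration, not Ronin's design, here is one common shape for such a control: an off-chain (or on-chain) withdrawal monitor that pauses the bridge when a single withdrawal exceeds a per-transaction cap or when the rolling-window total exceeds a volume cap. Every threshold, event and amount below is constructed for the example.

```python
"""Toy withdrawal circuit breaker for a bridge.

Constructed example: the page only says a circuit breaker was added; the
per-transaction cap, rolling-window cap and window length here are assumptions.
Amounts are in a USD-equivalent unit.
"""
from collections import deque


class WithdrawalCircuitBreaker:
    def __init__(self, per_tx_limit: float, window_limit: float, window_seconds: int):
        self.per_tx_limit = per_tx_limit
        self.window_limit = window_limit
        self.window_seconds = window_seconds
        self.recent = deque()      # (timestamp, amount) of admitted withdrawals
        self.paused = False
        self.trip_reason = None

    def _evict(self, now: int) -> None:
        """Drop admitted withdrawals that have aged out of the rolling window."""
        while self.recent and self.recent[0][0] <= now - self.window_seconds:
            self.recent.popleft()

    def window_total(self, now: int) -> float:
        self._evict(now)
        return sum(amount for _, amount in self.recent)

    def _trip(self, reason: str) -> bool:
        self.paused = True
        self.trip_reason = reason
        return False

    def check(self, now: int, amount: float) -> bool:
        """Return True if the withdrawal may proceed; otherwise pause the bridge.

        Once tripped, every further withdrawal is refused until a human resets
        the breaker, which is the point: large drains should need people.
        """
        if self.paused:
            return False
        if amount > self.per_tx_limit:
            return self._trip(f"single withdrawal {amount:,.0f} exceeds per-tx limit")
        if self.window_total(now) + amount > self.window_limit:
            return self._trip(f"window total would exceed {self.window_limit:,.0f}")
        self.recent.append((now, amount))
        return True

    def reset(self) -> None:
        """Manual operator action after investigation."""
        self.paused = False
        self.trip_reason = None


def run_feed(events, breaker: WithdrawalCircuitBreaker):
    """Apply a list of (timestamp, amount) events; return the admit/refuse decisions."""
    return [breaker.check(ts, amt) for ts, amt in events]


# Constructed feed A: ordinary traffic, then one outsized withdrawal.
FEED_SINGLE_LARGE = [(0, 50_000), (600, 120_000), (1_200, 80_000),
                     (1_800, 300_000_000), (2_400, 1_000)]

# Constructed feed B: each withdrawal is under the per-tx cap, but the
# rolling-window total creeps past the volume cap on the seventh one.
FEED_SLOW_DRAIN = [(i * 300, 900_000) for i in range(8)]


def demo_single_large():
    breaker = WithdrawalCircuitBreaker(per_tx_limit=1_000_000,
                                       window_limit=5_000_000, window_seconds=86_400)
    return run_feed(FEED_SINGLE_LARGE, breaker), breaker


def demo_slow_drain():
    breaker = WithdrawalCircuitBreaker(per_tx_limit=1_000_000,
                                       window_limit=5_000_000, window_seconds=86_400)
    return run_feed(FEED_SLOW_DRAIN, breaker), breaker


if __name__ == "__main__":
    for name, demo in (("single large", demo_single_large), ("slow drain", demo_slow_drain)):
        decisions, breaker = demo()
        print(f"{name}: {decisions} -> paused={breaker.paused} ({breaker.trip_reason})")
```

Two caveats a practitioner would add: the breaker only helps if its thresholds are set well below the amount the business would regret losing in one window, and it must fail closed (stay paused until an operator resets it), otherwise a drain can simply be split into chunks that each pass the per-transaction check, which is exactly what the rolling-window cap in feed B is there to catch.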

At the moment, it seems that the Ronin bridge is safe to use. It also seemed safe to use before the hack.