Security News > 2022 > July > Popular NFT Marketplace Phished for $540M

Popular NFT Marketplace Phished for $540M
2022-07-11 20:06

Axie Infinity, a popular destination for 3 million traders of in-game collectible non-fungible tokens, reportedly lost $540M in cryptocurrency in a recruiting-themed spear phishing attack.

Ronin is supported by nine validators so, by controlling five, the attacker possessed majority control over the network.

The problem wasn't just that there were too few validators, but that those validators were all concentrated in one place.

"The validators were not well distributed between independent organizations," Spanier continued, "Which means the attacker only truly had to compromise one organization. Essentially, they had a decentralized blockchain model but were vulnerable to a centralized threat vector."

What wasn't clear until this week is how did the attackers gain control over those validators?

From there, the attackers moved laterally into Ronin's IT systems, allowing them to steal those coveted validator private keys, according to The Block.


News URL

https://threatpost.com/popular-nft-marketplace-phished-for-540m/180174/