Posts Tagged: hack

Elaborate hack of ‘Axie Infinity’ tied to fake LinkedIn job offer

Axie Infinity was the prime example of crypto gaming last year, when its play-to-earn formula helped it reach up to 2.7 million daily active users last November. But that all came crashing down in March, when hackers stole $ 625 million from the Ethereum-linked Ronin sidechain powering the game. Now, it turns out, the source of that hack came from an unlikely source: A fake job offer from LinkedIn. 

As The Block reports (via The Verge) based on two sources, the hackers infiltrated Axie Infinity owner Sky Mavin's network by sending a spyware-filled PDF to one employee. That person thought they were accepting a high-paying job from another firm, but it turns out that company never existed. According to the US government, North Korean hacker group Lazarus was behind the attack. 

“Employees are under constant advanced spear-phishing attacks on various social channels and one employee was compromised," Sky Mavis noted in a post-mortem blog post following the hack. "This employee no longer works at Sky Mavis. The attacker managed to leverage that access to penetrate Sky Mavis IT infrastructure and gain access to the validator nodes.”

Axie Infinityspun back up last week, and it's still relying on the Ronin sidechain, albeit with stricter security measures. The company raised its validator nodes to 11 in April, up from 9 previously, which makes it more difficult for attackers to gain control of the network. (Lazarus gained access to 5 nodes to achieve its hack, including one from the Axie DAO [Decentralized Autonomous Organization].) And it's also implementing a "circuit-breaker" system to flag large withdrawals. 

While this hack was clearly meticulously planned and required a significant amount of technical skill, it ultimately hung on a classic vulnerability: social engineering. 

Engadget is a web magazine with obsessive daily coverage of everything new in gadgets and consumer electronics

Bluetooth hack compromises Teslas, digital locks, and more

Security researchers have found a way to circumvent digital locks and security systems that rely on Bluetooth fobs and smartphones for authentication.
Mobile | Digital Trends

The Morning After: FBI arrests woman for massive Capital One hack

Hey, good morning! You look fabulous. We're barely clear of the big Equifax settlement, and Capital One has suffered a hack that exposed information for more than 100 million Americans. In other news, Google posted more details about its Pixel 4, an…
Engadget RSS Feed

Card skimming hack targets 201 campus stores in North America

The infamous Magecart card skimming hack has been used to make life miserable for college students. Trend Micro has discovered that a hacking group, currently nicknamed Mirrorthief, relied on the scripting technique to steal card data from 201 onlin…
Engadget RSS Feed

SEC brings charges in connection with hack of its financial system

The United States Securities and Exchange Commission announced today that it is bringing charges against a Ukranian hacker for breaking into the agency's corporate filing system to access nonpublic information. The SEC is also charging a number of in…
Engadget RSS Feed

UK privacy watchdog slaps Yahoo with another fine over 2014 hack

Yahoo still isn't done facing the consequences for its handling of a massive 2014 data breach. The UK's Information Commissioner's Office has slapped Yahoo UK Services Ltd with a £250,000 (about $ 334,300) fine under the country's Data Protecti…
Engadget RSS Feed

SEC knew about weak security years before hack

The hack that compromised the US Securities and Exchange Commission was a shock and more than a little damaging, but could it have been prevented? Unfortunately the answer is very likely yes. The Hill has combed through the SEC's internal evaluatio…
Engadget RSS Feed

Hack into a world of cyberpunk horror next month in ‘Observer’

If you think things are unendurably awful in the world today, maybe don't play Observer when it hits PlayStation 4, Xbox One, PC, Mac and Linux on August 15th. Observer follows one of the darkest paths at humanity's feet, imagining a 2084 where corp…
Engadget RSS Feed

Caller ID apps are publicly exposing names and phone numbers after apparent hack

Three of the top caller ID apps have begun uploading caller names and phone numbers into public databases. It’s not yet known if the apps have been hacked or who could have hacked them.

The post Caller ID apps are publicly exposing names and phone numbers after apparent hack appeared first on Digital Trends.

Android Army–Digital Trends

UK broadband customers also affected by Yahoo hack

Yahoo might not be quite as big in the UK as it is in the US, but that doesn't mean the shockwaves from the company's enormous hack won't be felt on the both sides of the Atlantic. In total, 500 million users were affected by the 2014 breach, which w…
Engadget RSS Feed

Weekly Rewind: Yahoo sells, LastPass hack, a solar plane, and More

In the tech world, a lot happens in a week. So much news goes on, in fact, that it’s almost impossible for mere mortals with real lives to keep track of everything. That’s why we’ve compiled a quick and dirty list of the top 10 tech stories.

The post Weekly Rewind: Yahoo sells, LastPass hack, a solar plane, and More appeared first on Digital Trends.

Mobile–Digital Trends

Meet Danger Drone – a flying computer designed to hack into all your unprotected devices

Security company Bishop Fox has created a flying hacker’s laptop called Danger Drone. Built around a Raspberry Pi, it can access networks and short-range signals normally out of reach.

The post Meet Danger Drone – a flying computer designed to hack into all your unprotected devices appeared first on Digital Trends.

Cool Tech–Digital Trends

Samsung says its new Tizen TVs will be harder to hack

Samsung has announced that its next generation of Tizen smart TVs will be a lot harder to crack than before. The firm has created Gaia, a security product for its 2016 range that promises to do for TV what Knox did for its smartphones. Some of the fe…
Engadget RSS Feed

Samsung Pay wasn’t breached in state-sponsored LoopPay hack, executives say

LoopPay, the company behind a core technology of Samsung Pay, suffered a network breach at the hands of Chinese hackers earlier this year. Payments information wasn’t compromised., LoopPay claims.

The post Samsung Pay wasn’t breached in state-sponsored LoopPay hack, executives say appeared first on Digital Trends.

Mobile»Digital Trends

Banks can bring class-action suit against Target over data hack

Target's legal woes continue to mount over its now-infamous data breach in 2013, which exposed the credit card numbers and personal information for as many as 70 million shoppers. A District Court judge in Minnesota ruled on Wednesday that Target w…
Engadget RSS Feed