Sky-high working as bait - Demystifying one of the biggest hacks in the crypto world

In the cryptocurrency industry, a jaw-dropping hack has once again reminded people of the importance of cybersecurity. The incident stemmed from a seemingly ordinary job application that resulted in the loss of $540 million worth of cryptocurrency.

It happened earlier this year when a senior engineer at a blockchain gaming company received an attractive job offer. However, the job offer was actually an elaborate trap that ended up triggering one of the biggest hacks the crypto industry has ever seen.

The main victim of this incident is the exclusive sidechain of a well-known blockchain game. In March, the sidechain was hacked, losing $540 million worth of cryptocurrency. Although the U.S. government later linked the incident to a state-level hacking group, the specifics of the attack have not been fully disclosed.

It is reported that the hackers reached out to the employees of the game development company through social media platforms and encouraged them to apply for positions at a company that did not actually exist. After several rounds of interviews, an engineer was offered a job that paid well. However, when he downloaded the attached PDF document, the hacking software quietly hacked into the system.

The hackers managed to take control of 4 of the 9 validator nodes on the network, just one step away from taking full control of the entire network. In order to gain control of the last critical node, the hackers exploited a vulnerability in a decentralized autonomous organization in the gaming ecosystem. The organization had previously been authorized to sign transactions on behalf of the system, and this permission was not revoked when it was no longer needed.

A month after the incident, the development company has taken a series of measures to strengthen security, including increasing the number of validators and planning to expand to more than 100 nodes in the long term. At the same time, the company has raised $150 million to compensate affected users and has begun to return the funds.

This incident is yet another reminder that even in the highly technological cryptocurrency industry, social engineering attacks are still a serious threat. Hackers are not only exploiting technological vulnerabilities, but also human weaknesses. They use social media platforms to get close to their targets, set up fake company websites, and even post seemingly legitimate job ads to gain trust.

To protect against similar attacks, industry experts recommend:

1. Pay close attention to security intelligence and conduct self-investigation in a timely manner.
2. Perform the necessary security checks before running the executable program.
3. Implement a zero-trust mechanism to effectively reduce potential risks.
4. Maintain real-time protection of security software and update virus databases in a timely manner.

The incident not only exposed the security challenges facing the cryptocurrency industry, but also highlighted the need for cross-border cooperation to combat cybercrime. As the value of digital assets continues to rise, we must always be vigilant and constantly improve our security measures to gain a foothold in this fast-moving industry.