Spyware used in Ronin attack, reports say.

Hackers were able to carry out the attack on the Ronin sidechain thanks to spyware in a PDF document that one of the employees downloaded from a job-offer email from a fictitious company. The Block reports, citing sources familiar with the matter.

According to Sky Mavis, which develops the blockchain game Axie Infinity, employees were sent offers from a fake company via LinkedIn.

One of the engineers responded to the vacancy. After a series of interviews, he was sent a document with an ‘offer’ in PDF form. The document contained malware that compromised the Ronin network.

Subsequently, the attackers were able to take control of four of the nine validators. Access to the fifth was obtained through Axie DAO.

The Ronin sidechain used by Axie Infinity was attacked in March. The attackers drained crypto assets worth about $625 million. The breach was the largest in the history of the DeFi sector.

Later, the project team said that the attackers used social engineering to access the assets.

In June, the developers restarted the Ronin sidechain and reimbursed users for the funds they lost as a result of the March breach.

For more about Ronin and its restart, read in ForkLog cards.

Follow ForkLog’s bitcoin news in our Telegram — cryptocurrency news, prices and analytics.