{"id":64047,"date":"2022-07-07T09:16:46","date_gmt":"2022-07-07T06:16:46","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=64047"},"modified":"2025-09-06T12:12:04","modified_gmt":"2025-09-06T09:12:04","slug":"spyware-used-in-ronin-attack-reports-say","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/spyware-used-in-ronin-attack-reports-say\/","title":{"rendered":"Spyware used in Ronin attack, reports say."},"content":{"rendered":"

Hackers were able to carry out the attack on the Ronin sidechain thanks to spyware in a PDF document that one of the employees downloaded from a job-offer email from a fictitious company. The Block<\/a> reports, citing sources familiar with the matter.<\/p>\n

According to Sky Mavis, which develops the blockchain game Axie Infinity<\/a>, employees were sent offers from a fake company via LinkedIn.<\/p>\n

One of the engineers responded to the vacancy. After a series of interviews, he was sent a document with an ‘offer’ in PDF form. The document contained malware that compromised the Ronin network.<\/p>\n

Subsequently, the attackers were able to take control of four of the nine validators. Access to the fifth was obtained through Axie DAO<\/a>.<\/p>\n

The Ronin sidechain used by Axie Infinity was attacked in March. The attackers drained crypto assets worth about $625 million. The breach was the largest in the history of the DeFi sector.<\/p>\n

Later, the project team said that the attackers used social engineering to access the assets.<\/p>\n

In June, the developers restarted the Ronin sidechain<\/a> and reimbursed users for the funds they lost as a result of the March breach.<\/p>\n

For more about Ronin and its restart, read in ForkLog cards<\/a>.<\/p>\n

Follow ForkLog’s bitcoin news in our Telegram<\/a> \u2014 cryptocurrency news, prices and analytics.<\/p>\n","protected":false},"excerpt":{"rendered":"

Hackers were able to carry out the attack on the Ronin sidechain thanks to spyware in a PDF document that one of the employees downloaded from a job-offer email from a fictitious company. The Block reports, citing sources familiar with the matter.<\/p>\n","protected":false},"author":1,"featured_media":64048,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1581,1154,1359],"class_list":["post-64047","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-axie-infinity","tag-crimes","tag-ronin"],"aioseo_notices":[],"amp_enabled":true,"views":"19","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/64047","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=64047"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/64047\/revisions"}],"predecessor-version":[{"id":64049,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/64047\/revisions\/64049"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/64048"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=64047"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=64047"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=64047"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}