Geoff White

Ideally, what you want to do is you want to go to the source of all the money, the fount of all the money, which, you know, Sky Mavis has sort of serviced themselves. And so the hackers targeted one of the engineering team and...

Ideally, what you want to do is you want to go to the source of all the money, the fount of all the money, which, you know, Sky Mavis has sort of serviced themselves. And so the hackers targeted one of the engineering team and...

carried out a very very elaborate or at least in my opinion very elaborate social engineering exercise on this person offered them a job now that's not an uncommon thing for you know crypto developers to get game developers get poached all the time and so they said look great job for you really big salary you know are you interested in talking to us and this employee said yes started receiving details of the job did apparently a couple of rounds of interviews for the job

carried out a very very elaborate or at least in my opinion very elaborate social engineering exercise on this person offered them a job now that's not an uncommon thing for you know crypto developers to get game developers get poached all the time and so they said look great job for you really big salary you know are you interested in talking to us and this employee said yes started receiving details of the job did apparently a couple of rounds of interviews for the job

which I presume was webcams off, but, you know, was interviewed by people for a job that seemed to exist. Of course, none of this was true. There was no job. This employee of Sky Mavis was being targeted by hackers who were trying to maneuver them to the point where they would effectively download malware.

which I presume was webcams off, but, you know, was interviewed by people for a job that seemed to exist. Of course, none of this was true. There was no job. This employee of Sky Mavis was being targeted by hackers who were trying to maneuver them to the point where they would effectively download malware.

making the whole story more believable i mean who gets job offers on discord anyway you know linkedin is the place to go get job offers the other thing you can do if you target someone in this way is you can say to them hey for this job we need to know that you can use this particular piece of software can you download it for us or can you click on this link and go to this private server so you can do this exercise as part of the job application

making the whole story more believable i mean who gets job offers on discord anyway you know linkedin is the place to go get job offers the other thing you can do if you target someone in this way is you can say to them hey for this job we need to know that you can use this particular piece of software can you download it for us or can you click on this link and go to this private server so you can do this exercise as part of the job application

There's lots of ways with a job application that you can sort of trick someone into doing something they wouldn't necessarily have done. Downloading stuff, clicking on links. So I find that really, I think that was a really sort of smart way of operating. One for people to watch out for. Eventually, malware gets downloaded by this employee of Sky Mavis onto their work device.

There's lots of ways with a job application that you can sort of trick someone into doing something they wouldn't necessarily have done. Downloading stuff, clicking on links. So I find that really, I think that was a really sort of smart way of operating. One for people to watch out for. Eventually, malware gets downloaded by this employee of Sky Mavis onto their work device.

Now, full disclosure, I don't think Sky Mavis have revealed how that specifically was done. But You can think of multiple ways whereby you'd be able to convince someone as part of the job application process to download something. There's lots of ways to do that. Effectively, the malware allowed the hackers access to Sky Mavis' computer systems.

Now, full disclosure, I don't think Sky Mavis have revealed how that specifically was done. But You can think of multiple ways whereby you'd be able to convince someone as part of the job application process to download something. There's lots of ways to do that. Effectively, the malware allowed the hackers access to Sky Mavis' computer systems.

And because they targeted an engineer who had what Sky Mavis describes as very deep level access, it wasn't like they hacked somebody in the HR department and had to work their way over to the development environment. They were already in. They'd hit the mother load effectively and were already in at a very deep level inside Sky Mavis.

And because they targeted an engineer who had what Sky Mavis describes as very deep level access, it wasn't like they hacked somebody in the HR department and had to work their way over to the development environment. They were already in. They'd hit the mother load effectively and were already in at a very deep level inside Sky Mavis.

With their deep-level access to SkyMaker's systems, the hackers start scoping out how Axie Infinity works and how this money is moving around.

With their deep-level access to SkyMaker's systems, the hackers start scoping out how Axie Infinity works and how this money is moving around.

And what they realize is what we've covered earlier is there's this internal blockchain within SkyMavis. Axie Infinity, monitoring the transactions between the players. There's the external sort of Ethereum blockchain, which is effectively bringing in money that people are, you know, Ethereum, Ether currency that people are spending into the game and then putting it out.

And what they realize is what we've covered earlier is there's this internal blockchain within SkyMavis. Axie Infinity, monitoring the transactions between the players. There's the external sort of Ethereum blockchain, which is effectively bringing in money that people are, you know, Ethereum, Ether currency that people are spending into the game and then putting it out.

So there's a conduit through which this is all happening. And that conduit is a thing called the Ronin Bridge. The Ronin Bridge's job is basically, it's to reconcile what's going on in the game with what's going on in this external Ethereum blockchain. Effectively, the Ronin Bridge is nine computers around the world.

So there's a conduit through which this is all happening. And that conduit is a thing called the Ronin Bridge. The Ronin Bridge's job is basically, it's to reconcile what's going on in the game with what's going on in this external Ethereum blockchain. Effectively, the Ronin Bridge is nine computers around the world.