AXS and DMM Bitcoin Hack: Fake Jobs, Real Threats

Hello everyone! The subject of hacking scams fascinates me. Why do people fall for them? Are people so gullible that they will easily believe strangers? Previously I wrote about a woman who was scammed out of EUR 830k by someone posing as Brad Pitt in this post. This happened in 2023. Before and after this event, there were crypto hacks that occurred in 2022 and 2024. Curiously, both hacks were engineered through similar methods: fake job offers through LinkedIn.


The AXS Hack (Axie Infinity / Ronin Bridge) – March 2022

In March 2022, hackers linked to North Korea's Lazarus Group stole over $620 million worth of ETH and USDC. They approached an employee of Sky Mavis with a fake job offer. The engineer was convinced to open a malicious PDF, which allowed the attackers to install spyware and access the company’s internal systems. Eventually, the hackers gained control of five of nine validator nodes required to authorize withdrawals on the Ronin Bridge.

The DMM Bitcoin Hack – May 2024

In May 2024, DMM Bitcoin, a major Japanese cryptocurrency exchange, suffered a massive security breach resulting in the theft of over $300 million worth of Bitcoin. This is another case linked to North Korean hackers. The hackers went through an employee of Ginco, a Japan-based enterprise cryptocurrency wallet software company. The hacker sent the target, who maintained access to Ginco’s wallet management system, a URL linked to a malicious Python script under the guise of a pre-employment test located on a GitHub page. The victim copied the Python code to their personal GitHub page and was subsequently compromised.


The Art of Deception

As both cases show, the criminals used social engineering and phishing to approach their targets, who in both cases were unwitting employees. They must have researched their target companies with the aim of finding employees as possible targets. Then they must have gathered information about the person and contacted them under the pretext of a job offer. In both cases, they used skillful deception to persuade their victims to introduce malware to the company's systems.


LinkedIn Is Used in Phishing

In both cases the criminals used LinkedIn, a reputable site for job hunters, in their scams. They contacted their victims with purported job offers to gather information about them and to get them to download malware. The DMM/Ginco case took months from the time they made their target download the malware to the actual theft. This shows how meticulous and patient the criminals are in pursuit of their goal to steal.


How Do We Protect Ourselves

Both cases show how social engineering can be used for criminal activities. This hits close to home since the potential victim could be me or you. We are the potential targets of these criminals either for our personal wallets or the wallet of the company we work for. So how do we avoid being victims of these scammers?

  1. Establish contact outside social media platforms.
    Don't be taken in by seemingly genuine profiles. Cross-check the recruiter’s identity on LinkedIn and official company websites. Contact the company directly via their public channels to confirm the job offer.

  2. Be wary of apparently ideal job offers
    Criminals use juicy job offers to entice their victims to click on files or links without thinking twice. Have a healthy dose of skepticism and check the validity of these job offers.

  3. Take care with links and attachments
    Fake recruiters often send fraudulent links or manipulated attachments. Never open unknown attachments and avoid downloading or opening unsolicited PDF files or links from people you don’t know or trust.

  4. Limit sharing personal data
    Avoid listing too many work-related details on LinkedIn that could help attackers tailor their scam.


Final Thoughts

The AXS and DMM hacks show that the human element is often the weakest link in cybersecurity. We need to be vigilant and skeptical to protect ourselves from seemingly great job offers. If it's too good to be true, then it probably is! Companies also need to educate and train their employees to be vigilant and ready for such situations.

Posted Using INLEO
