🥛 How a job scam led to the biggest hack in crypto

GM. This is the Milk Road. We take crypto news, put it down, flip it, and reverse it (if you know the reference, you know)

Here’s what’s going on in crypto:

  • The crazy “Fake Job” scam

  • Another step closer to the ETH merge

  • SBF to the rescue

  • Meme of the day

HOW A FAKE JOB OFFER CAUSED A $600M HACK

I love movies about bank robberies (like Ocean's 11).

I don’t know why. Maybe I’m a little evil inside. Maybe I just like George Clooney. Who knows.

Either way - I’m a sucker for a good crime. And so when I saw this story, I immediately was hooked:

This story has everything:

  • A catfish company

  • $600M stolen crypto

  • N. Korean hacking group that makes Ocean's 11 look like rookies

Ladies & gents, get ya popcorn ready to hear how Axie Infinity got hacked for $600M

Here’s how it went down:

Step 1: A recruiter on LinkedIn started reaching out to engineers who worked at Axie Infinity to hire them for a new company. Most ignored it, but one senior engineer responded.

Step 2: The engineer went through several rounds of interviews and eventually…got an offer!

Step 3: The offer came with a crazy good compensation package - one so good the senior engineer downloaded the PDF just so he could see the rest.

But there was a problem…

The company? Didn’t exist.

The recruiter? Wasn’t a recruiter. It was a North Korean hacker group known as Lazarus.

The PDF? Wasn’t a job offer. It was spyware. Uh-oh.

Now the North Korean hackers were able to gain access to the Axie Infinity systems and could do some serious damage. And that, my friends, is exactly what they did.

They were able to compromise Axie's infrastructure using the spyware, and got control of the validators they needed to push any transaction through. They were basically in God Developer mode at that point.

They drained $600M from Axie Infinity and have been trying to cash out since. Unfortunately for them, moving that much money ain't so easy. The wallet has been blocked by exchanges, but not before the hackers were able to successfully cash out ~$200M.

From PDF --> $600M hack. Crazy.

The Milk Road Take: BRB while I throw my computer into a lake. Can’t hack me if the computer doesn’t work!

ONE STEP CLOSER TO THE ETH MERGE

Ethereum developers successfully completed another test merge.

It’s been 2 years of waiting, but we’re almost there! It’s so close I can taste the stake. Proof-of-stake that is.

The Merge will be one of the biggest events for Ethereum ever. It will move from proof-of-work → proof-of-stake. This means:

  • Faster transactions with less energy usage

  • No more miners! Miners help verify & validate transactions right now. In return, they receive ETH for helping keep the network going, which adds more sell pressure. No mining = less daily sell pressure = the price goes up?

  • One step closer to scalability in the future

The test yesterday was the 2nd test, one more to go before the big one.

Think of it like clinical trials. A drug has to go through phase 1, phase 2, phase 3, etc. before it gets to humans.

After all three are successful, the Merge will finally happen on the main Ethereum network. Confusing, I know. But just to make sure we’re on the same page:

✅ Ropsten (completed on June 8)

✅ Sepolia (completed yesterday)

❌ Goerli (coming soon?)

So how’d Sepolia go? Pretty smooth!

There were a few hiccups that happened afterward due to some wrong configurations. But developers were able to update them and now know the right configurations to set during the real merge. That’s what tests are for, right?

The Milk Road’s Take: I wish the test phases didn’t sound like STDs. But glad it went well. All signs are pointing to still being on schedule to complete everything over the next 2-3 months (fingers crossed).

SBF HAS BILLIONS TO BAIL OUT CRYPTO

Sam Bankman-Fried has been a one-man army for crypto. Recently he:

  • Loaned out $500m to Voyager

  • Gave a $450m credit line to BlockFi

  • Announced he had “a few billion” set aside for companies that need help

Seriously, he had an interview with Reuters where he said he has ~$2 billion ready to go to help crypto companies.

Is he gonna bail everyone out? No. But he’s willing to help companies that have good business models, have customers that need protection, and if they fail would be a systemic risk to crypto as a whole.

There’s some game theory here too. Just reassuring the world that he could backstop losses will reduce panic (which reduces the need for a bailout). Smart move.

The Milk Road’s Take: Sam, the Milk Road portfolio is down 70% this year. We’re putting up the SBF SIGNAL!

BITE-SIZED TREATS

Elon Musk’s The Boring Company will be accepting Dogecoin to pay for rides on Loop. This is Elon's 3rd company to accept the meme coin. Stop trying to make ‘fetch’ a thing, Elon.

Polygon is partnering with Nothing to integrate into their first smartphone, the Nothing Phone 1. The crypto phone trend continues. And yes, the company is really called Nothing.

MEME OF THE DAY

Stay thirsty my friends, see ya tomorrow!

Young Vitalik reading his first Milk Road Edition.

DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Please be careful and do your own research.
