How a job scam led to the biggest hack in crypto
GM. This is the Milk Road. We take crypto news, put it down, flip it, and reverse it (if you know the reference, you know)
Here's what's going on in crypto:
The crazy "Fake Job" scam
Another step closer to the ETH merge
SBF to the rescue
Meme of the day
HOW A FAKE JOB OFFER CAUSED A $600M HACK
I love movies about bank robberies (like Ocean's 11).
I don't know why. Maybe I'm a little evil inside. Maybe I just like George Clooney. Who knows.
Either way - I'm a sucker for a good crime. And so when I saw this story, I immediately was hooked:
This story has everything:
A catfish company
$600M stolen crypto
N. Korean hacking group that makes Ocean's 11 look like rookies
Ladies & gents, get ya popcorn ready to hear how Axie Infinity got hacked for $600M
Here's how it went down:
Step 1: A recruiter on LinkedIn started reaching out to engineers who worked at Axie Infinity to hire them for a new company. Most ignored it, but one senior engineer responded.
Step 2: The engineer went through several rounds of interviews and eventually…got an offer!
Step 3: The offer came with a crazy good compensation package - one so good the senior engineer downloaded the PDF just so he could see the rest.
But there was a problem…
The company? Didn't exist.
The recruiter? Wasn't a recruiter. It was a North Korean hacker group known as Lazarus.
The PDF? Wasn't a job offer. It was spyware. Uh-oh.
Now the North Korean hackers were able to gain access to the Axie Infinity systems and could do some serious damage. And that, my friends, is exactly what they did.
They were able to compromise Axie's infrastructure using the spyware, and got control of the validators they needed to push any transaction through. They were basically in God Developer mode at that point.
They drained $600M from Axie Infinity and have been trying to cash out since. Unfortunately for them, moving that much money ain't so easy. The wallet has been blocked by exchanges, but not before the hackers were able to successfully cash out ~$200M.
From PDF --> $600M hack. Crazy.
The Milk Road Take: BRB while I throw my computer into a lake. Can't hack me if the computer doesn't work!
ONE STEP CLOSER TO THE ETH MERGE
Ethereum developers successfully completed another test merge.
It's been 2 years of waiting, but we're almost there! It's so close I can taste the stake. Proof-of-stake that is.
The Merge will be one of the biggest events for Ethereum ever. It will move from proof-of-work → proof-of-stake. This means:
Faster transactions with less energy usage
No more miners! Miners help verify & validate transactions right now. In return, they receive ETH for helping keep the network going, which adds more sell pressure. No mining = less daily sell pressure = the price goes up?
One step closer to scalability in the future
The test yesterday was the 2nd test, one more to go before the big one.
Think of it like clinical trials. A drug has to go through phase 1, phase 2, phase 3, etc. before it gets to humans.
After all three are successful, the Merge will finally happen on the main Ethereum network. Confusing, I know. But just to make sure we're on the same page:
Ropsten (completed on June 8)
Sepolia (completed yesterday)
Goerli (coming soon?)
So how'd Sepolia go? Pretty smooth!
There were a few hiccups that happened afterward due to some wrong configurations. But developers were able to update them and now know the right configurations to set during the real merge. That's what tests are for, right?
The Milk Road's Take: I wish the test phases didn't sound like STDs. But glad it went well. All signs are pointing to still being on schedule to complete everything over the next 2-3 months (fingers crossed).
TODAY'S NEWSLETTER IS BROUGHT TO YOU BY PIESTRO
"When The Moon Hits Your Eye Like A Big Pizza Pie…"
This fleet of robotic pizza kiosks can customize and cook gourmet pies 24/7 in just about any high-traffic space - malls, airports, college campuses, you name it.
That's why fast-growing food brands like 800 Degrees have already ordered $580 million in Piestro pods. They want to sell more pizzas, in less time, at lower cost:
Less labor and real estate spend = 3X profit margins
Tasty restaurant-level pizza in 3 min
Feeds college kids at 4 AM
How will you feel if this startup goes "to the moon"?
Will you feel "Amore"?
SBF HAS BILLIONS TO BAIL OUT CRYPTO
Sam Bankman-Fried has been a one-man army for crypto. Recently he:
Loaned out $500m to Voyager
Gave a $450m credit line to BlockFi
Announced he had "a few billion" set aside for companies that need help
Seriously, he had an interview with Reuters where he said he has ~$2 billion ready to go to help crypto companies.
Is he gonna bail everyone out? No. But he's willing to help companies that have good business models, have customers that need protection, and if they fail would be a systemic risk to crypto as a whole.
There's some game theory here too. Just reassuring the world that he could backstop losses will reduce panic (which reduces the need for a bailout). Smart move.
The Milk Road's Take: Sam, the Milk Road portfolio is down 70% this year. We're putting up the SBF SIGNAL!
BITE-SIZED TREATS
dYdX, a decentralized crypto exchange, is launching a Trading Competition. Finally, we can see who has the real alpha.
Elon Musk's The Boring Company will be accepting Dogecoin to pay for rides on Loop. This is Elon's 3rd company to accept the meme coin. Stop trying to make "fetch" a thing, Elon.
Polygon is partnering with Nothing to integrate into their first smartphone, the Nothing Phone 1. The crypto phone trend continues. And yes, the company is really called Nothing.
MEME OF THE DAY
Stay thirsty my friends, see ya tomorrow!
DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Please be careful and do your own research.