🥛 How a job scam led to the biggest hack in crypto
- Writer Milk Man
- July 7, 2022
- •3 Min Read
GM. This is the Milk Road. We take crypto news, put it down, flip it, and reverse it (if you know the reference, you know)
Here’s what’s going on in crypto:
- The crazy “Fake Job” scam
- Another step closer to the ETH merge
- SBF to the rescue
- Meme of the day
HOW A FAKE JOB OFFER CAUSED A $600M HACK
I love movies about bank robberies (like Ocean's 11).
I don’t know why. Maybe I’m a little evil inside. Maybe I just like George Clooney. Who knows.
Either way - I’m a sucker for a good crime. And so when I saw this story, I immediately was hooked:
This story has everything:
- A catfish company
- $600M stolen crypto
- N.Korean hacking group that makes Ocean's 11 look like rookies
Ladies & gents, get ya popcorn ready to hear how Axie Infinity got hacked for $600M
Here’s how it went down:
Step 1: A recruiter on LinkedIn started reaching out to engineers who worked at Axie Infinity to hire them for a new company. Most ignored it, but one senior engineer responded.
Step 2: The engineer went through several rounds of interviews and eventually…got an offer!
Step 3: The offer came with a crazy good compensation package - one so good the senior engineer downloaded the PDF just so he could see the rest.
But there was a problem…
The company? Didn’t exist.
The recruiter? Wasn’t a recruiter. It was a North Korean hacker group known as Lazarus.
The PDF? Wasn’t a job offer. It was spyware. Uh-oh.
Now the North Korean hackers were able to gain access to the Axie Infinity systems and could do some serious damage. And that, my friends, is exactly what they did.
They were able to compromise Axie's infrastructure using the spyware, and got control of the validators they needed to push any transaction through. They were basically in God Developer mode at that point.
They drained $600M from Axie Infinity and have been trying to cash out since. Unfortunately for them, moving that much money ain't so easy. The wallet has been blocked by exchanges, but not before the hackers were able to successfully cash out ~$200M.
From PDF --> $600M hack. Crazy.
The Milk Road Take: BRB while I throw my computer into a lake. Can’t hack me if the computer doesn’t work!
ONE STEP CLOSER TO THE ETH MERGE
Ethereum developers successfully completed another test merge.
It’s been 2 years of waiting, but we’re almost there! It’s so close I can taste the stake. Proof-of-stake that is.
The Merge will be one of the biggest events for Ethereum ever. It will move from proof-of-work → proof-of-stake. This means:
- Faster transactions with less energy usage
- No more miners! Miners help verify & validate transactions right now. In return, they receive ETH for helping keep the network going, which adds more sell pressure. No mining = less daily sell pressure = the price goes up?
- One step closer to scalability in the future
The test yesterday was the 2nd test, one more to go before the big one.
Think of it like clinical trials. A drug has to go through phase 1, phase 2, phase 3 etc.. before it gets to humans.
After all three are successful, the Merge will finally happen on the main Ethereum network. Confusing, I know. But just to make sure we’re on the same page:
✅ Ropsten (completed on June 8)
✅ Sepolia (completed yesterday)
❌ Goerli (coming soon?)
So how’d Sepolia go? Pretty smooth!
There were a few hiccups that happened afterward due to some wrong configurations. But developers were able to update them and now know the right configurations to set during the real merge. That’s what tests are for, right?
The Milk Road’s Take: I wish the test phases didn’t sound like STDs. But glad it went well. All signs are pointing to still being on schedule to complete everything over the next 2-3 months (fingers crossed).
TODAY'S NEWSLETTER IS BROUGHT TO YOU BY PIESTRO
“When The Moon Hits Your Eye Like A Big Pizza Pie…”
This fleet of robotic pizza kiosks can customize and cook gourmet pies 24/7 in just about any high-traffic space - malls, airports, college campuses, you name it.
That’s why fast-growing food brands like 800 Degrees have already ordered $580 million in Piestro pods. They want to sell more pizzas, in less time, at lower cost:
- Less labor and real estate spend = 3X profit margins
- Tasty restaurant-level pizza in 3 min
- Feeds college kids at 4 AM
How will you feel if this startup goes “to the moon”?
Will you feel “Amore”?
Become a Piestro shareholder before their raise closes on July 28th.
SBF HAS BILLIONS TO BAIL OUT CRYPTO
Sam Bankman-Fried has been a one-man army for crypto. Recently he:
- Loaned out $500m to Voyager
- Gave a $450m credit line to BlockFi
- Announced he had “a few billion” set aside for companies that need help
Seriously, he had an interview with Reuters where he said he has ~$2 billion ready to go to help crypto companies.
Is he gonna bail everyone out? No. But he’s willing to help companies that have good business models, have customers that need protection, and if they fail would be a systemic risk to crypto as a whole.
There’s some game theory here too. Just reassuring the world that he could backstop losses will reduce panic (which reduces the need for a bailout). Smart move.
The Milk Road’s Take: Sam, the Milk Road portfolio is down 70% this year. We’re putting up the SBF SIGNAL!
Binance will offer a $0 trading fee for Bitcoin starting on July 8th.
JP Morgan sees 3 executives leave for crypto jobs this week.
dYdX, a decentralized crypto exchange, is launching a Trading Competition. Finally, we can see who has the real alpha.
Elon Musks’ The Boring Company will be accepting Dogecoin to pay for rides on Loop. This is Elon's 3rd company to accept the meme coin. Stop trying to make ‘fetch’ a thing, Elon.
Polygon is partnering with Nothing to integrate into their first smartphone, the Nothing Phone 1. The crypto phone trend continues. And yes, the company is really called Nothing.
Italy’s Ministry of Economic Development has set aside up to $46m to fund & develop blockchain projects. Mama mia!
MEME OF THE DAY
Stay thirsty my friends, see ya tomorrow!
Shaan "Chocolate Milk" Puri, Ben "2% Milk" Levy & Diego "El Lechero" Salinas
DISCLAIMER: None of this is financial advice. This newsletter is strictly educational and is not investment advice or a solicitation to buy or sell any assets or to make any financial decisions. Please be careful and do your own research.
Get smarter about crypto
Join 250,000+ subscribers and get our 5 min daily newsletter on what matters in crypto.