Another Hack On Axie Infinity Network, Here's How It All Started!
While the global cryptocurrency market doesn’t seem to be rising above the bearish cycle, the crypto space is pulled down by a hack now.
Today, Axie Infinity announced that the main server’s bot called MEE6 was hacked. As per the team’s statement, the MEE6 bot was used by the hackers so that they could add permission to a fake Jiho account to fake the announcement of the mint.
So basically MEE6 is a Discord bot that allows all the admins to automatically allow and restrict the roles and send messages. It’s just not one project but many projects installed under this bolt have faced similar issues.
Recently in the month of March, Ronin Network which was specially created for Axie Infinity had suffered a $625 million hack, making it one of the largest security breaches in the history of decentralized finance and crypto.
MEE6 Bot Gets Compromised
According to Axie Infinity, though the fake mint message has been deleted, a few users could still see the message, hence should restart the Discord. The team has assured us that they will update us about the incident via Twitter, Discord, Substack, and Facebook.
However, the MEE6 bot is not hacked, but the admins in the servers were compromised allowing the attackers to use the MEE6 to post the messages.
How Did It All Happen?
According to the security experts at the Discord, most probably the hackers have first attacked the admin accounts so that they could create a reaction role feature in order to provide an alternate admin account and send the webbook messages as they hide the compromised admin account.
The security expert believes that removing MEE6 or the webbooks immediately is the best solution instead of trying to identify the compromised account.
Source: Read Full Article