
Sky Mavis hacked because an employee clicked a fake job offer

Back in March, Sky Mavis, the creator of NFT game Axie Infinity, declared that it had been breached and that $600 million in value was stolen.

The breach was made possible by an exploit of the Ronin Network, which Sky Mavis uses to power Axie Infinity. Details surrounding the breach were thin on the ground at the time, but now it appears the cause was good old social engineering.

A report from The Block, citing two people with direct knowledge of the matter, alleges that the Ronin Network could be exploited because an employee believed they’d received a job offer.

The job offer came from a fake company that approached Sky Mavis staff and encouraged them to apply for jobs. The employees were approached on LinkedIn, and the job offers were sent as a PDF that turned out to be spyware.

The spyware allowed the attackers to take control of four out of nine of the Ronin Network’s validators, giving them near complete control.

The employee who was targeted and succumbed to the attack is no longer with Sky Mavis, according to a blog post it published in April.

Since the breach, Sky Mavis has increased its validator nodes from 9 to 11, and it hopes to increase this to more than 100 validator nodes.

The Web3.0 space has been besieged by breaches of late, and phishing or social engineering attacks appear to be the most common form of infiltration. Most recently, OpenSea’s Discord server was breached, and users unwittingly clicked a link which gave attackers access to NFT wallets.

Perhaps what Web3.0 needs is more warnings about phishing and social engineering.
