Axion Attack Was an Inside Job, CertiK Says

Code auditor says that Axion hacker exploited a third-party dependency.

Axion Attack Was an Inside Job, CertiK Says

Key Takeaways

  • CertiK has commented on yesterday's attack against Axion (AXN).
  • The auditing firm says that the attack was likely carried out by someone responsible for deploying Axion's contracts.
  • The hacker stole $27 million of AXN tokens during the attack.

Share this article

CertiK, a blockchain auditing outfit, has commented on yesterday’s Axion hack, revealing that the attacker exploited the project’s third-party dependencies. The auditors added that someone within the project likely carried out the attack.

Insiders Likely Led Axion Attack

According to a HackMD article published by CertiK, the attack was “planned from the inside.”

Actors involved in the Axion project injected malicious code prior to Axion’s deployment by altering its OpenZeppelin dependencies. The injected code allowed the attacker to freely mint 80 billion AXN tokens.

Since the code was injected at the deployment stage, CertiK’s original audit of the code failed to prevent the attack.

Yvan Nasr, CertiK’s head of professional service, told Crypto Briefing that Axion likely “merged the code of the project with the right dependencies together and then manually inserted their malicious code in the OpenZeppelin dependency prior to deployment.”

Alex Papageorgiou, security engineer at CertiK, added that “the deployers were most likely Axion members, as whoever deployed the contracts could also set special owners roles … so they already were considered trusted”.

CertiK has not speculated on the precise identity of the attacker. However, it believes that the attack “could have only been done by those deploying the project.”

$27 Million of AXN Stolen

The exploit against Axion allowed the unknown attacker to mint 80 billion AXN tokens, then sell those tokens on the Uniswap exchange. Prior to the attack, that amount was worth $27 million, though the token’s price has now collapsed to $0.

To prepare for the attack, the hacker circulated 2.1 ETH on for privacy. The attacker also purchased 700,000 HEX2T tokens as part of a “smokescreen,” CertiK says.

Though the attack was sizable in terms of its dollar value, it is notable primarily because the hacker followed an unusual line of attack. It remains to be seen if hackers can imitate this line attack and carry it out against other blockchain projects.

Share this article