The attackers exploited vulnerabilities in the systemu2019s cross-chain verification layer, known as the Decentralized Verifier Network (DVN).
The US-based firm said the entry point was the compromised Context.ai tool used by an employee.
The technique exploits the .NET AppDomainManager mechanism, allowing attackers to run malicious code inside a trusted process.
Authorities allege he led a ransomware operation that breached corporate servers, encrypted sensitive data, and demanded Bitcoin payments.
The attacker posed as an external IT support worker using a fake Microsoft 365 domain designed to appear legitimate.
Tyler Buchanan and his co-conspirators targeted at least a dozen companies and stole at least $8 million from victims across the US.
More recent incidents show a shift toward social engineering and alternative entry points.
