Cryptocurrency platform loses R$400 million and blames security director

Orbit Bridge, a service that allows the conversion of assets between different blockchains, was hacked on January 1, causing the loss of approximately R$400 million worth of cryptocurrencies. On Thursday (25), Ozys, the company behind Orbit, published a statement about the incident.

The main suspect was initially said to be the North Korean hacker group Lazarus. However, it was later discovered that Ozys’ chief security officer had made changes to the company’s main firewall before leaving his position.

The investigation was supported by security company Theori and several South Korean agencies, such as the National Intelligence Service, the National Police Bureau and the Korean Internet and Security Agency. The director’s name was not revealed.

Security director is the prime suspect in a R$400 million hack

Although the year has only just begun, the R$400 million Orbit Bridge hack is expected to remain one of the largest until the end of 2024. What draws the most attention, however, is the possible involvement of the security director of the company that managed the protocol.

In an article published on Thursday (25), the CEO of Ozys states that this director had 25 years of experience; that is, the changes to the firewall were not a mistake, but intentional. That is why the company is suing the former employee.

“Two days after the decision on voluntary retirement (November 20), ‘Mr. A’ suddenly left the firewall vulnerable and did not share this information verbally or in writing during the transfer process,” wrote Jinhan Choi, CEO of Ozys and developer of Orbit Bridge, about the matter.

“Less than a month later, on January 1, 2024, the Orbit Bridge exploit took place.”

The hack took place on the first day of 2024 at 5:52 am local time in South Korea. Five cryptocurrencies were stolen: Ethereum, Wrapped Bitcoin, USDT, USDC and DAI. The losses amount to US$81.5 million (R$400 million).

Following the theft, hackers converted the amounts into ETH and DAI, in an attempt to ensure that USDT, USDC and wBTC were not frozen by the companies that manage them, as happened in other cases. So there was prior preparation.

Case reminiscent of the Ronin hack, one of the largest in history

As cybersecurity improves, hackers are turning to alternatives such as social engineering to succeed in their attacks. One of the biggest examples was the R$3 billion hack of Ronin, linked to Sky Mavis’ Axie Infinity.

According to reports, the Ronin hack started with a fake job posting on LinkedIn. After gaining the attention and trust of Sky Mavis employees, the hackers were able to send them infected files, which gave the hackers control over the network.

Although the Orbit Chain case has not yet been cleared up, it can be assumed that the security director was working with the hackers. Another hypothesis is that he acted alone.

Source: Live Coins