Orbit Bridge team accuses its former employee of facilitating the $81,5 million hack

What’s new? South Korean company Ozys has accused its former chief information security officer of facilitating the hacking of its Orbit Bridge cross-chain protocol. Damages from the January 1 incident exceeded $81,5 million. Ozys said following an internal investigation that the ex-employee, whose name was not disclosed, arbitrarily weakened internal firewall settings on November 22. At the same time, two days earlier he had written a resignation letter of his own accord.

Developers’ statement

What else is known? Ozys added that the employee left the company on December 6 without notifying his colleagues about the changes made to the security settings. They were only discovered on January 10, already after the hack.

The company filed a lawsuit against the former employee for damages and also asked the police to investigate his possible involvement in the hack.

At the same time, Ozys admits that the hack was carried out by the North Korean hacker group Lazarus. This version is being investigated by the company in cooperation with the National Intelligence Service, the Internet and Security Agency, the police, and the private auditing firm Theori.

Ozys CEO Choi Jin-han said the company is mobilizing all resources to track down the attacker and recover assets, “no matter how long it takes.” The company also pledged to provide users with a compensation plan at a later date.

Chainalysis analysts reported that DPRK hackers, including Lazarus, carried out a record number of attacks on crypto projects in 2023, stealing over $1 billion.

In April this year, decentralized exchange Merlin lost $2 million in a hack. As it later turned out, members of the project’s technical team were involved: they manipulated contracts in the platform’s interface to gain access to pools.

Currently, the largest incident in the history of the crypto industry is the hack of the Ronin sidechain of the Axie Infinity game, carried out by Lazarus. As reported by the media, the theft of $625 million on March 23, 2022, was caused by the carelessness of one of the developers who opened a file with disguised malware.