The Allegations
Ozys, the South Korean tech entity that engineered the cross-chain bridge known as Orbit Bridge, has recently leveled serious accusations against a former team member. The allegations suggest that this individual played a critical role in orchestrating an attack on the protocol, leading to a staggering loss of $80 million in crypto assets.
Investigation Insights
An ongoing investigation has brought to light that the former Chief Information Security Officer (CISO) of Ozys deliberately weakened the internal firewall protections. This security lapse occurred on November 22, 2023, shortly after the individual had tendered their resignation. Despite severing ties with the company on December 6, the ex-employee failed to inform the firm of the adjustments made to the security frameworkâan oversight that Ozys argues was far from accidental.
Legal and Law Enforcement Actions
Ozys has not only brought this issue to the attention of the authorities but has also initiated legal proceedings against the former staff member. The company’s actions include filing a damage claim and requesting a thorough police investigation to determine the possibility of collusion between the ex-employee and external hacking entities.
Broader Investigation
The incident has sparked a collaborative investigation involving Ozys, cybersecurity firm Theori, the National Intelligence Service, local police, and the Internet and Security Agency. Among the focal points of this investigation is the potential involvement of the infamous Lazarus Group, a collective of cybercriminals believed to be linked to North Korea.
Next Steps for Orbit Bridge
Ozys has committed to keeping its users informed about the measures being taken to recover the lost funds and the timeline for these efforts. The breach is a significant setback for Orbit Bridge, which earlier in the year had already suffered from a hacker attack leading to substantial financial losses.
English