Ozys Blames Former CISO for $81.5M Orbit Bridge Exploit

Ozys is pursuing civil and criminal proceedings against its former CISO for possible involvement in $81.5M Orbit Bridge exploit.

by . Fact checked by: Ciaran Lawler, Editor: Stefan Trapp
Published:
Hacker watching Orbit Bridge exploit on a roof of a building.
Created by Kornelija Poderskytė from DailyCoin
Google News Follow Button
  • Ozys has blamed its former CISO for a recent exploit on Orbit Bridge.
  • The bridge was exploited for $81.5 million on January 1.
  • The company said it was pursuing civil and criminal proceedings against the former employee.

On Thursday, South Korean blockchain technology company Ozys said its former chief information security officer (CISO) might be connected to the recent $81.5 million exploit on Orbit Bridge.

The company’s Orbit Bridge Ethereum Vault was attacked six times on January 1, leading to the theft of 231 wBTC, 9,500 Ether, 30 million USDT, 10 million DAI, and 10 million USDC. The attacker swapped the funds into ETH and DAI and sent them to eight addresses, where they have been stored without movement to date.

Ozys Employee “Weakened Firewall” Before the Attack

According to a blog post published on January 25, the January 1 attack was not caused by a vulnerability on the Orbit Bridge smart contract or “theft of validator keys” as initially thought.

Sponsored

While multiple agency investigations are ongoing, the company said it had stumbled upon a crucial lead to the attacker, who might be its former employee.

“While reviewing the existing firewall policy with a maintenance company for the design of a new security network, on November 22, 2023, Mr. A, who was serving as the Chief Information Security Officer of Ozzys, arbitrarily deleted the main firewall in the company,” Ozys CEO Jinhan Choi wrote.

The statement described Mr. A as an information security expert “who oversaw the work to acquire Ozis ISMS certification.” Mr. A allegedly “made the firewall vulnerable” two days after deciding on voluntary retirement. The attack happened less than a month later.

After the development, Ozys said it is pursuing civil and criminal proceedings against the employee. Per a local media outlet, the company further submitted a petition requesting the police to investigate Mr. A’s possible involvement with the hack.

Sponsored

Read about the biggest crypto hacks of 2023:
Biggest Crypto Hacks of 2023 Resulted in Over 70% of Losses

Stay updated on how to prevent a SIM swap attack:
How to Prevent a SIM Swap Attack as SEC Falls Prey

DailyCoin Newsletter

The hottest crypto news, straight to your inbox!

newsletter icon

Get a daily dose of crypto stories in a quick read with a tongue-in-cheek twist! Suitable for everyone, from crypto newbs to battle-tested veterans.

      You can easily unsubscribe at any time. Spoiler Alert: You won’t want to!

      This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

      Tags
      Author
      Brian Danga
      Brian Danga

      Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.