Cryptocurrency bridges remain a major target for hackers, as another one has lost a substantial amount of funds.
In the late afternoon of December 31, 2023, a threat actor allegedly exploited a vulnerability in the Orbit Chain platform to steal a total of $86 million.
The funds were siphoned off “almost instantly,” and the hackers stole several cryptocurrencies, including Ether, Dai, Tether, and USD Coin.
A bug in the system?
The investigation is currently ongoing and there are many unknowns, but media outlets say the most likely culprit is Lazarus.
Lazarus is an infamous North Korean state-sponsored threat actor that has been targeting cryptocurrency bridges and businesses for years. In fact, BleepingComputer recalls that it was Lazarus who previously breached Belt Finance and KlaySwap, both of which are part of the Ozys project along with, you guessed it, Orbit Chain.
It’s still unclear exactly how the hackers managed to breach the bridge, but a flaw in the project is the likely cause. Many of the bridges that have been hacked over the years were later found to be flawed.
Meanwhile, Orbit Chain said it is cooperating with local authorities (Korean National Police Agency) as well as the Korea Internet and Security Agency (KISA), which apparently specializes in threats from North Korea. The idea is to try to identify where the stolen funds ended up and freeze them.
“The Orbit Chain team has developed an investigation and cause analysis support system with the Korean National Police Agency and KISA (Korea Internet and Security Agency), enabling a more proactive and comprehensive investigation approach,” the project announced in a post on X. “In addition, we are also discussing close cooperation with domestic and foreign law enforcement agencies.”
To make matters even worse, other hackers began taking advantage of victims, using verified X accounts to promote phishing sites. These sites pose as refund portals, tricking people into connecting their wallets only to empty them as well.