Ozys’ Former Chief Security Officer Allegedly Weakened Security of Network Weeks Before $81.5M Hack

Author: CoinSense

South Korean blockchain firm Ozys has made a damning disclosure in the aftermath of the January 1, 2024 hack of its platform.

In a January 25 Medium blog post, Ozys CEO Jinhan Choi stated that the breach was not the result of security measures the company had overlooked. Rather, he attributed it to a deliberate act by the firm's former Chief Information Security Officer (CISO), who intentionally weakened the firewall protecting the bridge's infrastructure.

According to Choi, the unnamed individual altered the network's firewall policies on November 20, just two days before submitting a voluntary resignation request. The CISO then left the company on December 6, 2023, without handing over or disclosing the changes, leaving the remaining team unaware that the firewall had been weakened.

The anomaly was discovered on January 10, when approximately $81.5 million of investors' digital assets were found to be missing. The attack, spread across six separate incidents, moved $50 million in stablecoins ($30 million in USDT, $10 million in MakerDAO's DAI, and $10 million in USDC) out of the bridge.

In addition, 231 wrapped Bitcoin (wBTC), valued at around $10 million, and 9,500 Ether (ETH), worth about $21.5 million, were drained from Orbit Bridge.

These assets were swapped into ETH and DAI and then moved to eight wallets. Ozys reports that, as of the post, the funds remain dormant in those wallets.

Ozys is working with the Korea Internet Security Agency (KISA), the National Police Agency (NPA), and other authorities on the investigation. Legal action is also being pursued against the former CISO.

The cross-chain bridge operator has also engaged blockchain security firm Theori to audit its smart contract code in an effort to prevent a recurrence.

Lazarus Group Likely Involved

Another striking disclosure from Choi concerns the possible role of the North Korea-backed threat group Lazarus in the incident.

According to the Medium post, the state-backed group may have been involved because the methodology used to breach the cross-chain service closely resembles Lazarus's known tradecraft.

On the strength of that assessment, the Ozys team has notified the Korean National Intelligence Service (NIS) and the NPA's Cyber Terror Investigation Unit so that the suspected attribution can be investigated.

Lazarus has a long record of campaigns against the crypto ecosystem. Notably, Chainalysis reported that North Korea-linked hackers, Lazarus among them, stole $1.7 billion in digital assets in 2022.

In 2023 the group showed no sign of slowing down, accounting for roughly $1 billion of the industry's total annual hacking losses of $1.7 billion.

https://twitter.com/chainalysis/status/1750156780657680864?s=20

In total, Lazarus carried out 20 attacks over the year, stealing $428.8 million from DeFi protocols, $150 million from centralized crypto service providers, and $330.9 million from crypto exchanges.