Ozys Suspects Former Security Chief of Weakening Firewall Before Hacking
South Korean blockchain technology company Ozys has accused its former cybersecurity chief of deliberately weakening the company’s firewall settings prior to a major hack. The ex-employee allegedly changed the firewall configuration on November 22, just after submitting their resignation, which resulted in a massive breach on January 1.
Ozys is exploring the possibility of the involvement of North Korean group Lazarus in the attack and is collaborating with the police and intelligence services.
A Security Flaw at the Heart of the Orbit Bridge Attack
Ozys suffered a significant $81.5 million hack on its cross-chain protocol Orbit Bridge. According to a blog post published on Thursday, Ozys accuses its former IT security director of arbitrarily weakening the company’s firewall prior to the security breach. The company has filed a damages lawsuit against the ex-employee and has asked the local police to investigate their potential involvement in the hacking incident.
The changes to the security settings, discovered on January 10, were made on November 22, two days after the employee submitted their voluntary resignation and before their departure from the company on December 6.
Repercussions and Measures Taken
On January 1, an “unidentified access” to Orbit Bridge transferred $50 million worth of stablecoins, 231 wBTC (approximately $10 million), and 9,500 ether (approximately $21.5 million) in six transactions to eight new wallets.
We will mobilize all necessary resources, regardless of how long it takes, to track down the attacker and work tirelessly to freeze and recover the seized assets.
In its blog post, Ozys also revealed that it is investigating whether the North Korean-backed hacking group Lazarus was involved in the attack. The company is working with cybersecurity firm Theori, the South Korean police, and the Korea Internet & Security Agency.