South Korea just saw a massive $82 million Klaytn ecosystem bridge hack. The darknet hacking group is confirmed to be the Lazarus Group, a North Korean hacking group that helps fund the local government. This particular hack took place just hours before the New Year’s Eve celebrations. Attackers took advantage of a vulnerability, and this resulted in the loss of funds and the involvement of an uncertain existence, which worsened the situation. This was probably 2023’s last hack, but it proves a point about what is coming in 2024’s bull run: a year filled with extreme hacks.
Key Takeaways
- A hacker group bagged more than $82 million through the Orbit Bridge.
- North Korea’s infamous Lazarus Group is suspected to be behind the heist, marking a continuation of their pattern of significant cryptocurrency thefts and posing broader national security concerns.
- Hackers have taken OpSec measures, including the use of coin mixers to obscure the stolen Bitcoin’s trail.
- The immediate response from OZYS and the involvement of intelligence agencies reflect the serious nature of the hack, with ongoing efforts aimed at recovering lost funds and strengthening defences against future cyberattacks.
- Orbit has done everything it could to get its funds back, offering up to $8 million to the hackers to drop all charges.
OZYS Confirms Hack
For those who don’t know, the Orbit Bridge is a crucial link joining major platforms such as Kakao’s Klaytn and WEMADE’s WEMIX. A darknet hacking group managed to snatch a staggering $82 million in cryptocurrencies. OZYS, the company managing Orbit Bridge, promptly responded to a security breach in their system. The breach was publicly disclosed on January 1, in compliance with South Korea’s Information and Communications Telecommunications Act. This act necessitates timely reporting of such incidents, ensuring transparency and regulatory adherence. OZYS’s announcement of the breach was not only a fulfillment of legal requirements but also a critical step in addressing the cybersecurity issue within the cryptocurrency sector.
An X.com user by the name of “Kgjr (Clueless333)” first identified that the bridge was being drained.
The involvement of South Korea’s National Intelligence Service (NIS) in this case is a significant development, differentiating it from typical cybercrimes in the cryptocurrency space that usually involve the National Police Cyber Investigation Unit and the Korean Cyber Security Agency (KISA). The NIS’s engagement indicates the gravity of the situation, as it suggests potential implications for national security beyond the immediate financial losses. This high-level response from the NIS underscores the serious nature of the breach and its potential impact on a broader scale, reflecting the increasing concern over cybersecurity in the realm of digital finance.
The Lazarus Group
The Lazarus Group, a North Korean hacking entity, is at the centre of investigations into the recent Orbit Bridge hack. Match Systems, a cybersecurity research firm, has identified striking similarities between this incident and previous high-profile cyberattacks, suggesting the involvement of this notorious group. The Lazarus Group has a notable record of cybercrimes, with their activities in 2023 alone accounting for a substantial $308.6 million theft, representing about 17% of the total losses in the cryptocurrency industry for that year. This includes the infamous Stake Hack.
Their strategy involves exploiting industry weak spots, leveraging smart contract vulnerabilities, and executing carefully planned sociotechnical operations. The reputation of the Lazarus Group as a persistent and formidable threat in the cyber world is well-established. Their activities paint a concerning picture of the challenges faced in securing digital assets and highlight the ongoing battle against cybercrime in the cryptocurrency sector. The involvement of the Lazarus Group in the Orbit Bridge hack, if confirmed, would add another significant event to their history of high-stakes cyber heists.
Clues Found in the Blockchain
As investigators explored the aftermath of the Orbit Bridge hack, interesting developments surfaced. A holding wallet recently received almost $1.2 million worth of Bitcoin (BTC) from the infamous Lazarus Group, marking their most significant transaction in the last 30 days. Arkham, a blockchain research organization, revealed that the Lazarus Group’s wallet had two transactions totalling 27.371 BTC. This is significant against the backdrop of a potential spot Bitcoin ETF approval in the U.S., with investors expecting changes around the SEC’s decision. Notably, 3.34 BTC from this wallet were further moved to another previously used wallet, making use of a coin mixer to obscure the transaction trail.
Insights and Future Prospects
Arkham estimates the total value of the Lazarus Group’s wallets at approximately $79 million, with around $73 million in Bitcoin and $3.4 million in Ether (ETH). A new study from TRM Labs reveals that one-third of all cryptocurrency hacks and thefts in 2023 were initiated by hackers linked to North Korea, particularly the Lazarus Group. This latest move is consistent with the Lazarus Group’s lengthy history of sophisticated cyber thefts, especially those involving cryptocurrency.
The ongoing investigation, led by the NIS and other relevant agencies, takes place in a challenging environment. While a direct link to North Korea has yet to be confirmed, the possibility is actively speculated upon. Blockchain researchers have found similarities in hacking techniques, including the use of the SWFT protocol in other notorious attacks on DFX Finance, Deribit, and AscendEX. Crucial questions emerging from the study revolve around the potential recovery of stolen funds, the impact on victims, and the wider consequences for the cryptocurrency ecosystem. Match Systems’ analysis, using specialized software to trace the funds, revealed routes connecting to Tron wallets, presenting major challenges in getting access.
Orbit Fights For Its Losses
In the unfolding drama of the $82 million Orbit Bridge hack, Orbit has done everything it could to get its funds back, offering up to $8 million to the hackers to drop all charges. In response to the recent hack of Orbit Bridge, the Orbit Chain team has undertaken significant efforts to negotiate with the attackers for the return of the stolen funds. The team set a final deadline for these negotiations at 10:00 AM (UTC+9) on January 11, 2024, following an initial communication with the attackers at around 2:30 PM (UTC+9) on an earlier date.
The team emphasized that all standard communication protocols, including those related to the bug bounty, would be terminated after this deadline. They also stated that if the attackers failed to respond or rejected the offer, Orbit Chain would extend the bounty offer to the public and continue their efforts to track down the attackers with the support of contributors worldwide.
As the attackers failed to negotiate with Orbit, Orbit Chain extended the bounty to the public, offering a maximum reward of $8 million USD. This reward is given to all individuals who can provide crucial information leading to the identification of the attackers or the recovery of the stolen assets.
That being said, when all is said and done, the likelihood of these funds showing up for Orbit to reclaim is close to nothing. At least they tried.
Hey there, I’m a dark web geek who’s been around for the last 8 years. More precisely, I’m livedarknet’s senior content writer who’s been writing about darknet marketplaces, tutorials, and cybersecurity stuff for educational purposes.