Another top blockchain deal provider has been hacked, with millions in crypto stolen

Cryptocurrency bridges continue to be a major target for hackers, as yet another one is drained of significant funds.

In the late evening of December 31, 2023, a threat actor reportedly exploited a vulnerability in the Orbit Chain platform to steal a total of $86 million. 

The funds were siphoned off "almost instantly", with the hackers stealing various cryptocurrencies, such as Ether, Dai, Tether, and USD Coin.

A bug in the system?

The investigation is currently ongoing and there are many unknowns, but media outlets are saying that the most likely culprit is Lazarus.

Lazarus is an infamous North Korean state-sponsored threat actor that has been targeting cryptocurrency businesses and bridges for years now. In fact, BleepingComputer notes that it was Lazarus who previously breached Belt Finance and KlaySwap - both of which are part of the Ozys project together with - you guessed it - Orbit Chain.

It remains unclear exactly how the hackers managed to breach the bridge, but it’s likely that the project was flawed. Many of the bridges that have been hacked throughout the years were later found to have been imperfect.

In the meantime, Orbit Chain said it is cooperating with local law enforcement (Korean National Police Agency), as well as the Korean Internet and Security Agency (KISA), which apparently specializes in North Korean threats. The idea is to try to identify where the tokens ended up and freeze them.

“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet & Security Agency), enabling a more proactive and comprehensive investigation approach,” the project announced in an X post. “Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies.”

To make matters even worse, other hackers started preying on the victims, using verified X accounts to promote phishing sites. These sites impersonate refund portals, tricking people into connecting their wallets only to have them drained, too. 

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.