Blockchain analysts from Match Systems have found that the Orbit Chain hackers used the same tactics as those in several other high-profile attacks – suggesting that a cybercrime organization, possibly the infamous Lazarus Group, stands behind these hacks.
This criminal group seems to have been busy last year. Cointelegraph cited a January 3, 2024, report by Match Systems, naming Coinspaid, Coinex, and Atomic Wallet among the group’s victims.
Per the report,
“[The analysis] gives reason to believe that the same criminal group may be involved in the hacking of the Orbit bridge, which in 2023 had previously committed several large hacks of the cryptocurrency services Atomic wallet, CoinsPaid, CoinEx, etc., using tools and patterns of the well-known Lazarus group.”
As the new year approached, hackers exploited Orbit Bridge, the cross-chain bridging service of the South Korea-based multi-asset Orbit Chain, making off with $82 million.
The analysts found that the hackers used Tornado Cash. Their gas funds came from other accounts that had withdrawn them from the popular crypto mixer.
A mixer ‘mixes’ different funds in order to obscure the trail leading back to the original sources. Hackers therefore use it to mix their identifiable funds with others’ funds.
That said, Match Systems reportedly ‘de-mixed’ the funds using specialized software. It analyzed the “characteristics and patterns before and after the Tornado.cash mixer, considering transaction volumes and dates/times, as well as other specialized methods.”
What the team discovered was a group of addresses. One of them used the SWFT protocol to transfer funds to other addresses. The protocol