Ozys’ Former Chief Security Officer Allegedly Weakened Security of Network Weeks Before $81.5M Hack

cryptonews.com:

South Korean blockchain network Ozys has made a damning revelation in the aftermath of its January 1, 2024 platform hack.

In a January 25 Medium blog post, Ozys CEO Jinhan Choi clarified that the breach was not a result of overlooked security measures on their part. Rather, it was a deliberate act by their former Chief Information Security Officer (CISO), who intentionally weakened the firewall security of the blockchain protocol.

Official Statement of Ozys Regarding ‘Orbit Bridge Exploit’

Please access the full statement below:

▶ EN: https://t.co/t0UGI6oPRE
▶️ KR: https://t.co/9PLrtCxuDR pic.twitter.com/l6dYBFwNce

— Orbit Chain (@Orbit_Chain) January 25, 2024

According to Choi, the undisclosed individual altered the network’s firewall policies on November 20, just two days before submitting a voluntary resignation request. The CISO then left the company on December 6, 2023, without any form of communication, leaving the team unaware of the security changes.

The anomaly was discovered on January 10 when approximately $81.5 million of investors’ digital funds mysteriously disappeared. The cyber attack, which was spread across six specific incidents, led to the transfer of $50 million in stablecoin (comprising $30 million in USDT, $10 million in MakerDAO’s DAI, and $10 million in USDC).

Additionally, 231 wrapped Bitcoins (wBTCs) valued at around $10 million and 9,500 Ether tokens worth $21.5 million were pilfered from the Orbit Bridge Chain.

These assets were converted to ETH and DAI before being transferred to eight crypto wallets. Currently, Ozys reports that the digital funds remain dormant in these wallets.

Ozys is actively collaborating with law enforcement agencies such as the Korea Internet Security Agency (KISA), National