n recent news, it has been revealed that the infamous Orbit Bridge hacker is suspected to be behind the breaches in Coinspaid and Coinex. This cybercrime organization, possibly the Lazarus Group, has been using similar tactics in multiple high-profile attacks. 

Image of a hacker without face doing something on his laptop
Orbit Bridge hacker suspected in the breaches of Coinspaid and Coinex.

The Connection to the Lazarus Group

Blockchain analysts from Match Systems have discovered that the hackers responsible for the Orbit Bridge breach have employed the same methods as those used in other notable attacks. This suggests the involvement of a cybercrime organization, with the Lazarus Group being a strong possibility. The Lazarus Group has been known for its involvement in various cyberattacks, including those on cryptocurrency services.

According to a report by Match Systems, the analysis indicates that the same criminal group may be responsible for hacking the Orbit bridge as well as other cryptocurrency services like Coinspaid, Coinex, and Atomic Wallet. The hackers have utilized tools and patterns associated with the Lazarus Group in carrying out these attacks.

The Orbit Bridge Hack

As the new year began, hackers exploited the Orbit Bridge, a cross-chain bridging service provided by the South Korean-based multi-asset Orbit Chain. The breach resulted in a staggering $82 million being stolen. This incident highlights the vulnerability of cryptocurrency services and the need for robust security measures.

The analysts discovered that the hackers utilized Tornado Cash, a popular crypto mixer, to obscure the trails leading back to the original sources of the funds. The funds were mixed with others to make them untraceable. However, Match Systems was able to "de-mix" the funds using specialized software and analysis techniques.

The analysis revealed a group of addresses involved in the breaches. One of these addresses used the SWFT protocol to transfer funds to other addresses. It was also found that the same protocol was used in attacks on DFX Finance, Deribit, and AscendEX. Additionally, the hackers also utilized Avalanche Bridge and Sinbad in the Orbit Bridge breach, which further strengthens the connection to the Lazarus Group.

Lazarus Group's Impact

The Lazarus Group has been a significant threat to the cryptocurrency ecosystem. In 2023 alone, they were responsible for stealing $308.6 million, which accounted for 17% of the total losses that year. Their high-profile attacks on platforms like Atomic Wallet, CoinEx, Alphapo, Stake, CoinsPaid, and the Ronin Network resulted in massive financial losses.

As we approach 2024, concerns about the escalating sophistication of the Lazarus Group are mounting. They have demonstrated proficiency in exploiting infrastructure vulnerabilities, smart contract weaknesses, and have conducted meticulous social engineering operations. This makes them one of the most pressing threats to the web3 ecosystem today.

Similar Articles