Verify a decision

{"actor":"system:backfill","investigation_id":"ad276029-bc56-46ce-810e-55234c4c650c","kind":"publish","page_slug":"orbit-chain-bridge","published_at":"2026-05-30T18:33:15.199Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Orbit Chain Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/cross-chain-protocol-orbit-bridge-suffers-exploit-hack","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2024/01/02/orbit-chain-loses-81m-in-cross-chain-bridge-exploit","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/official-statement-regarding-orbit-bridge-exploit-551928f3dc52","type":"other","url":""},{"credibility":3,"name":"https://cryptobriefing.com/orbit-chain-exploited-816-million-drained-cross-chain-bridge/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-orbit-bridge-hack-december-2023","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/official-statement-regarding-orbit-bridge-exploit-551928f3dc52","type":"other","url":""},{"credibility":3,"name":"https://cryptopotato.com/new-year-new-attack-orbit-bridge-drained-for-82m/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.theblock.co/post/274411/orbit-bridge-firewall-sabotage-exploit","type":"other","url":""},{"credibility":3,"name":"https://dailycoin.com/ozys-blames-former-ciso-for-81-5m-orbit-bridge-exploit/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2024/01/25/ozys-alleges-former-cisos-role-in-firewall-breach/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/official-statement-regarding-orbit-bridge-exploit-551928f3dc52","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-orbit-bridge-hack-december-2023","type":"other","url":""},{"credibility":3,"name":"https://cryptonews.com/news/south-korean-agencies-investigate-82m-orbit-bridge-hack/","type":"other","url":""},{"credibility":3,"name":"https://therecord.media/korean-police-investigating-cryptocurrency-theft-orbit-chain","type":"other","url":""},{"credibility":3,"name":"https://cointelegraph.com/news/cross-chain-protocol-orbit-bridge-suffers-exploit-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/orbit-chain-hacker-moves-nearly-48-million-via-tornado-cash","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2024/06/10/orbit-chain-hacker-moves-47-7-million-to-tornado-cash/","type":"other","url":""},{"credibility":3,"name":"https://dailycoin.com/orbit-chain-hacker-online-48m-tornado-cash/","type":"other","url":""},{"credibility":3,"name":"https://blockchain.news/flashnews/eth-alert-orbit-chain-hack-wallet-launders-4-320-eth-via-tornado-cash-total-17-242-eth-moved-after-81-5m-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://socket.dev/blog/orbit-chain-offers-8M-bounty","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/official-statement-regarding-orbit-bridge-exploit-551928f3dc52","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/orbit-bridge-exploit-asset-recovery-and-ecosystem-normalization-plan-draft-3aa7ac2a6e4a","type":"other","url":""},{"credibility":3,"name":"https://www.coindesk.com/business/2024/01/02/orbit-chain-loses-81m-in-cross-chain-bridge-exploit","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cypherhunter.com/en/p/ozys/","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/hashed-ozys-ad5aeade42ed","type":"other","url":""},{"credibility":3,"name":"https://medium.com/orbit-chain/alameda-research-strategically-partners-with-orbit-chain-b88d1021c9f5","type":"other","url":""},{"credibility":3,"name":"https://orbitchain.io/","type":"other","url":""}]}],"sources_used":[],"summary":"Orbit Bridge is the cross-chain bridging protocol of Orbit Chain, developed by South Korean blockchain company Ozys. On December 31, 2023, attackers compromised seven of ten multisig private keys and drained approximately $81.5 million in ETH, WBTC, USDT, USDC, and DAI from the Ethereum vault in the largest crypto hack of New Year's Eve 2023. The attack has been attributed with medium-to-high confidence to North Korea's Lazarus Group, with an additional alleged insider-threat dimension involving Ozys' former chief information security officer, who allegedly sabotaged the company firewall weeks before the exploit.","timeline":[{"date":"2018-01-01","event":"Orbit Chain launched by Ozys as a cross-chain bridging protocol supporting multiple public blockchains.","source":""},{"date":"2023-11-20","event":"Ozys' former Chief Information Security Officer submits a voluntary resignation request.","source":""},{"date":"2023-11-22","event":"The former CISO allegedly makes unauthorized changes to Ozys' internal firewall policies without notifying the company, according to Ozys' later allegations.","source":""},{"date":"2023-12-06","event":"The former CISO departs Ozys without disclosing firewall changes or providing handover documentation.","source":""},{"date":"2023-12-31","event":"At approximately 20:52 UTC, an attacker pre-funds an intermediary wallet with 10 ETH sourced from Tornado Cash and begins executing the Orbit Bridge exploit.","source":""},{"date":"2024-01-01","event":"Six transactions drain approximately $81.5 million (ETH, WBTC, USDT, USDC, DAI) from the Orbit Bridge Ethereum vault between 05:52–06:25 KST. Development team notified at 07:05 KST; vault shut down at 07:21 KST.","source":""},{"date":"2024-01-01","event":"Seoul Metropolitan Police notified at 10:00 KST. KISA notified at 10:35 KST. Security firm Theori engaged for joint investigation.","source":""},{"date":"2024-01-10","event":"Investigators discover that the former CISO had arbitrarily changed firewall policies on November 22, 2023. Ozys notifies South Korea's National Intelligence Service; NIS opens formal investigation.","source":""},{"date":"2024-01-11","event":"Orbit Chain announces an $8 million USD public bounty for intelligence leading to attacker identification or fund recovery.","source":""},{"date":"2024-01-25","event":"Ozys publicly alleges that its former CISO sabotaged the firewall and files civil lawsuit and criminal complaint against the former employee.","source":""},{"date":"2024-06-08","event":"After approximately five months of dormancy, the exploiter moves 12,932 ETH (approximately $47.7 million) through Tornado Cash across seven transactions.","source":""}]},"v":1}