Former Ozys security chief accused of sabotaging firewall before $81.5 million Orbit bridge exploit

Ozys, the South Korean blockchain technology company that suffered an $81.5 million hack on its cross-chain protocol Orbit Bridge, alleged in a blog post on Thursday that its former chief information security officer had arbitrarily weakened the company firewall before the security breach. Ozys did not disclose the name of the former employee.

The company has filed a lawsuit for damages against its former CISO while submitting a petition requesting the local police to investigate the former employee's possible involvement with the hack, South Korean news agency News1 reported Thursday. 

Ozys alleges that the former security chief made several changes to the internal firewall on Nov. 22, two days after the employee requested voluntary resignation. They allegedly left the company on Dec. 6 without alerting the company about the changes made in the security settings, which Ozys discovered on Jan. 10.

On Jan. 1, an “unidentified access” to Orbit Bridge sent $50 million in stablecoins (30 million USDT, 10 million DAI and 10 million USDC), 231 wBTC (about $10 million), and 9,500 ether (about $21.5 million) in six transactions to eight fresh wallets. 

In the blog post, Ozys said it is also investigating the possibility of North Korea-backed hacker group Lazarus’ involvement in the hack and has alerted the National Intelligence Service. The company is also working with cybersecurity firm Theori, South Korean police and the Korea Internet & Security Agency.

“We will mobilize all resources, no matter how long it takes, to track down the attacker, and ultimately work to the end to freeze and recover the seized assets,” Ozys CEO Choi Jin-han said in the announcement, adding that the company will update users with a recovery plan as soon as available.

Ozys did not immediately respond to The Block’s request for further details and comments.