Orbit hacker may also have done CoinsPaid, CoinEx hacks.


The attacker who took $81.5 million from Orbit Bridge may be involved in several other 2023 crypto cyberattacks, including those against CoinsPaid, CoinEx, and Atomic Wallet, according to a Jan. 3 report by blockchain analysts Match Systems via Cointelegraph.

In particular, the report's analysis says there is reason to believe that the same criminal group that hacked many cryptocurrency services in 2023, such as Atomic Wallet, CoinsPaid, and CoinEx, may be involved in the hacking of Orbit Bridge, using the tools and styles of the famous Lazarus group.

Match Systems attempted to trace the Orbit attacker's activity on the blockchain. They discovered that the attacker's account had been pre-seeded with gas funds from other accounts, and that those funds had been withdrawn from Tornado Cash. Tornado Cash withdrawals are a common technique used by cybercriminals to hide the source of their funds.

However, the analysts say they have “successfully conducted a demixing” to reveal the source of these funds. To perform the demixing, they used special software to analyze the characteristics and patterns of transactions before and after the Tornado Cash mixer, taking into account the size and date/time of each transaction, along with other special methods.
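The size and date/time correlation described above can be illustrated with a simple heuristic. This is an added example, not Match Systems' software or code from the report; it assumes a mixer with fixed-denomination pools, and every address and timestamp in it is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed events: (address, pool denomination in ETH, UTC timestamp).
DEPOSITS = [
    ("0xDepA", 100, "2023-12-20T10:00"), ("0xDepA", 100, "2023-12-20T10:05"),
    ("0xDepA", 10, "2023-12-20T10:09"),
    ("0xDepB", 1, "2023-12-21T08:00"), ("0xDepD", 1, "2023-12-21T08:30"),
    ("0xDepC", 10, "2023-12-10T08:00"),
]
WITHDRAWALS = [
    ("0xOutX", 100, "2023-12-22T03:00"), ("0xOutX", 100, "2023-12-22T03:04"),
    ("0xOutX", 10, "2023-12-22T03:10"),
    ("0xOutY", 1, "2023-12-21T09:30"),
]

def profile(events):
    """Per address: note count per pool, plus first and last event time."""
    out = {}
    for addr, pool, ts in events:
        t = datetime.fromisoformat(ts)
        p = out.setdefault(addr, {"pools": Counter(), "first": t, "last": t})
        p["pools"][pool] += 1
        p["first"], p["last"] = min(p["first"], t), max(p["last"], t)
    return out

def candidate_links(deposits, withdrawals, window=timedelta(days=7)):
    """Map each withdrawing address to the depositors whose per-pool note
    counts are identical and whose last deposit precedes the first
    withdrawal by no more than `window`."""
    deps, wds = profile(deposits), profile(withdrawals)
    return {
        w: sorted(d for d, dp in deps.items()
                  if dp["pools"] == wp["pools"]
                  and dp["last"] < wp["first"] <= dp["last"] + window)
        for w, wp in wds.items()
    }

def unambiguous(links):
    """Keep only withdrawers with exactly one candidate depositor."""
    return {w: c[0] for w, c in links.items() if len(c) == 1}

if __name__ == "__main__":
    links = candidate_links(DEPOSITS, WITHDRAWALS)
    print(links)               # 0xOutY has two candidates: stays ambiguous
    print(unambiguous(links))  # only the distinctive 100+100+10 pattern links
```

A single note in a popular pool matches several depositors and stays ambiguous, which is why a heuristic like this yields leads to corroborate with other evidence rather than proof.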

This demixing revealed a group of addresses, one of which used the SWFT protocol to redirect funds to other addresses. Some of the money sent through SWFT went out to several other chains, eventually ending up in a single Tron wallet.

From the Tron wallet, the funds were then sent to an exchange to be withdrawn. Match Systems could not confirm the exchange's location or jurisdiction, but said some data indicated it was in the “CIS-related [Commonwealth of Independent States] region.”

Match Systems claims that the SWFT protocol was also used in the DFX Finance, Deribit and AscendEX attacks. Additionally, Avalanche Bridge and Sinbad were used in both the Orbit attack and these earlier events, giving the incidents more commonalities that link them together.

Match Systems also claims that these techniques were used in the 2023 Atomic Wallet and CoinsPaid hacks, and it sees this new attack as evidence that it may have been carried out by the same criminal enterprise. The CoinEx hack is also attributed to Lazarus.

The U.S. Federal Bureau of Investigation has identified the cybercriminal group “Lazarus” as the perpetrator of the 2023 Atomic Wallet and CoinsPaid hacks based on behavioral analysis derived from blockchain data.

The Orbit Bridge attack is the last major Web3 protocol exploit of 2023. It happened on New Year's Eve.
