The Orbit attacker used SWFT, Avalanche Bridge, and the Sinbad mixer, suggesting that the attack may be associated with Lazarus.
The attacker who drained $81.5 million from the Orbit bridge may have also been involved in several other 2023 crypto cyberattacks, including those against CoinsPaid, CoinEx, and Atomic Wallet, according to a January 3 report from blockchain analysts Match Systems seen by Cointelegraph.
Specifically, the report claims that its analysis “gives reason to believe that the same criminal group may be involved in the hacking of the Orbit bridge, which in 2023 had previously committed several large hacks of the cryptocurrency services Atomic wallet, CoinsPaid, CoinEx, etc., using tools and patterns of the well-known Lazarus group.”
Match Systems attempted to trace the Orbit attacker’s activity on the blockchain. They discovered that the attacker’s account was pre-seeded with gas funds from other accounts that withdrew them from Tornado Cash. Withdrawing from Tornado Cash is a common tactic used by cybercriminals to obscure the source of their funds.