Orbit Chain exploited, $81.6 million drained from cross-chain bridge
Orbit Chain is coordinating its investigation with the Korean National Police Agency and KISA (Korea Internet & Security Agency), as well as with Theori, a Korea-based global security firm.
Orbit Chain’s cross-chain bridging protocol Orbit Bridge was exploited on Saturday, December 30th, resulting in over $81 million stolen across major cryptocurrencies like USDT, ETH, and WBTC in a matter of hours.
The protocol has confirmed the attack and issued a statement on X.
Dear Orbit Bridge Users,
An unidentified access to Orbit Bridge, a decentralized Cross-chain protocol, was confirmed on Dec-31-2023 08:52:47 PM +UTC.
Further information regarding the issue will be updated.
— Orbit Chain (@Orbit_Chain) January 1, 2024
Preliminary examination into the attack suggests the hacker leveraged the Tornado Cash mixing service to obfuscate transactions before exploiting vulnerabilities in Orbit Chain’s Ethereum vault.
Data from Arkham Intelligence shows that the threat actor systematically drained assets from Orbit Bridge, splitting the theft into five transactions totaling $82 million. Transferred funds included $30 million in Tether stablecoin USDT, $10 million of stablecoin USDC, $21.7 million in ETH, $9.8 million of wrapped Bitcoin WBTC, and $10 million worth of DAI.
The exact attack vector is unknown, but the funds were likely stolen by exploiting a vulnerability in the bridging process itself, allowing assets to be minted on one chain without being burned on the originating chain. This points to a weakness in the cryptographic proofs or relayers meant to guarantee atomic transfers.
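The invariant described above, that every release or mint on one side of a bridge is backed by exactly one burn on the other, can be monitored independently of the bridge's own validators. The following is an added example, not Orbit Chain's code: the event fields, transfer IDs and amounts are constructed, and it makes no claim about the actual attack vector.

```python
from collections import Counter, defaultdict
from decimal import Decimal

# Constructed sample events (not real Orbit Bridge data); field names are assumptions.
BURNS = [  # wrapped assets burned on the other chain
    {"transfer_id": "t1", "token": "USDT", "amount": "1000"},
    {"transfer_id": "t2", "token": "WBTC", "amount": "2.5"},
    {"transfer_id": "t3", "token": "DAI", "amount": "500"},
]
RELEASES = [  # withdrawals paid out of the Ethereum vault
    {"transfer_id": "t1", "token": "USDT", "amount": "1000"},  # backed 1:1
    {"transfer_id": "t2", "token": "WBTC", "amount": "25"},    # amount differs
    {"transfer_id": "t3", "token": "DAI", "amount": "500"},
    {"transfer_id": "t3", "token": "DAI", "amount": "500"},    # same id paid twice
    {"transfer_id": "t9", "token": "ETH", "amount": "100"},    # no burn at all
]

def reconcile(burns, releases):
    """Return (transfer_id, reason) for each release not backed 1:1 by a burn."""
    burn_by_id = {b["transfer_id"]: b for b in burns}
    seen = Counter()
    findings = []
    for r in releases:
        tid = r["transfer_id"]
        seen[tid] += 1
        b = burn_by_id.get(tid)
        if b is None:
            findings.append((tid, "release without burn"))
        elif seen[tid] > 1:
            findings.append((tid, "transfer id released more than once"))
        elif (b["token"], Decimal(b["amount"])) != (r["token"], Decimal(r["amount"])):
            findings.append((tid, "token or amount differs from burn"))
    return findings

def unbacked_totals(burns, releases):
    """Per-token amount released from the vault in excess of what was burned."""
    net = defaultdict(Decimal)
    for r in releases:
        net[r["token"]] += Decimal(r["amount"])
    for b in burns:
        net[b["token"]] -= Decimal(b["amount"])
    return {token: amount for token, amount in net.items() if amount > 0}

if __name__ == "__main__":
    for tid, reason in reconcile(BURNS, RELEASES):
        print(f"ALERT {tid}: {reason}")
    print("unbacked:", unbacked_totals(BURNS, RELEASES))
```

A non-empty result from either function is grounds to pause withdrawals and alert, since it means the vault has paid out value that no burn accounts for.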
Orbit Chain is coordinating its investigation with the Korean National Police Agency and KISA (Korea Internet & Security Agency), as well as with Theori, a Korea-based global security firm. The project is also in talks with 26 other security firms to collaborate on the investigation.
The project has a security certification issued by KISA in September 2023. The project touts strong links with the Klaytn blockchain, as 8 of the top assets on Klaytn are wrapped versions bridged from Ethereum through the Orbit Bridge, which was created by Ozys, the same team behind KlaySwap and Belt Finance.
On-chain tracking indicates the hacker funded a wallet using Tornado Cash, a platform sanctioned for enabling illicit transfers by obscuring transaction details. The anonymized wallet then drained Orbit Chain’s Ethereum vault in an attack exploiting the network’s cross-chain infrastructure.
Over $64 million in ETH and $18 million of DAI stolen during the heist were subsequently moved to several fresh Ethereum addresses. These hacker-controlled wallets now hold the stolen 26,741.6 ETH and DAI tokens. Orbit Chain says that it has asked major global crypto exchanges to freeze the stolen assets.
Orbit Chain claims, however, that the stolen assets remain unmoved.
“Our team is constantly monitoring the stolen asset, and we promise to inform the community once the address associated with the stolen asset has taken action,” the project said on X.
Data from DeFiLlama indicates that the project’s TVL (total value locked) has declined from $152 million to $71 million after the exploit, with outflows reaching $81.8 million. The project’s native ORC token also declined 13% after news of the exploit surfaced, while its market cap has recovered to $36 million over the past 24 hours.