Cross-chain Orbit Bridge reportedly suffers $82M exploit
On December 31, a significant security breach was reported in Orbit Chain, a cross-chain protocol, specifically targeting its bridging service known as Orbit Bridge. The exploit, occurring just hours before the start of the new year, resulted in a staggering loss of $82 million. The breach was initially brought to attention by a pseudonymous Twitter user, Kgjr, who highlighted large outflows from the Orbit Chain Bridge protocol, and this information was corroborated by Onchain investigator Officer CIA and blockchain security firm Cyvers.
Details of the Exploit:
According to information provided by blockchain analytics platform Arkham Intelligence, the hackers successfully siphoned off $81.68 million in ill-gotten funds. This sizable amount was moved through five separate transactions, involving $30 million in Tether (USDT), $9.8 million in Wrapped Bitcoin (WBTC), and $10 million worth of the algorithmic stablecoin DAI. The exploit targeted the vulnerabilities within the Orbit Chain Bridge protocol, allowing the malicious actors to transfer these digital assets to fresh wallets.
Connection to Klaytn Network:
The Orbit Chain protocol is intricately linked to the Klaytn network (KLAY), a modular layer-1 blockchain. As per data from Klaytn’s block explorer, eight of the largest assets on the Klaytn network by total market capitalization are wrapped assets on the Orbit Bridge. The nature of this exploit, however, remains unknown, and efforts to obtain comments from both Orbit Chain and Klaytn were unsuccessful at the time of reporting.
Orbit Chain’s Background and Purpose:
Launched in South Korea in 2018, Orbit Chain serves as a multi-asset blockchain with a primary focus on facilitating cross-chain transfers between various decentralized networks. Its utility extends to transferring assets between networks compatible with the Ethereum Virtual Machine (EVM) and Klaytn. It’s important to note that Orbit Chain should not be confused with Orbiter Finance, a distinct cross-chain bridging protocol, despite the similarity in names.
Loss Breakdown and Initial Findings:
PeckShield Inc., a blockchain security firm, reported that the initial loss incurred by Orbit Chain amounted to approximately $81.5 million. This loss encompassed significant amounts in various cryptocurrencies, including $30 million in USDT, $10 million in USDC, $10 million in DAI, 230.879 WBTC, and 9,500 ETH. The exploiter initiated the attack by funding it with 10 ETH from TornadoCash and subsequently transferring them through an intermediary address.
As the exploit unfolded just before the start of the new year, the cryptocurrency community awaits further details regarding the nature of the security breach and potential countermeasures taken by Orbit Chain and related entities. With the scale of the incident and the substantial loss incurred, this breach serves as a stark reminder of the persistent security challenges faced by blockchain and cryptocurrency platforms. Investigations are likely ongoing, and updates on the incident may emerge as more information becomes available.