Cross-chain bridge Orbit Chain has become the latest protocol to be exploited by hackers, resulting in a loss of over $81 million assets.
In a tweet posted on 1 January 2024, the protocol confirmed the hack, noting an unidentified access to the decentralised cross-chain on 31 December 2023.
As per data available online, the hacker sent $50 million in multiple assets to fresh wallet addresses in five separate transactions. This included stablecoins (30 million $USDT, 10 million $DAI and 10 million $USDC), 230.8 $wBTC (worth around $10 million) and 9,530 $ETH (worth around $23.15 million).
The exploiter then consolidated a majority of the chunk into $ETH by swapping 30 million $USDT and 230.9 $WBTC into 17,250 $ETH, revealed on-chain analytics firm Spot On Chain. As of press time, the hacker’s wallets hold 26,777 $ETH ($64 million), nearly $20 million worth of $DAI, 15.85 million worth of $USDT, and $3.92 worth of $USDC.
Latest announcements from the company has assured its users that the stolen assets “remain unmoved” from the addresses where the leaked funds are stored.
As soon as Orbit Chain was made aware of the attack, it requested major global cryptocurrency exchanges to freeze the stolen assets. Additionally, the company is also collaborating with global security experts to respond to issues and track funds in real time.
This includes Theori, which is a cybersecurity startup with expertise in offensive security. Additionally, the cross-chain bridge is also in discussions with 26 global security companies about closer collaboration.
Orbit is in communication with the hackers of the exploit as well, delivering a second message to them on 1 January 2024 at 01:08:35 PM +UTC.
Who’s behind the attack?
While Orbit Chain is yet to disclose the exact nature of the hack and its perpetrators, various analysts speculate that it may have been done by North Korean state-backed hackers.
Popular on-chain analyst Tay Vano tweeted: “Looks like 2024 is going to be another year of handing [North Korea] billions of dollars on a silver platter”.
Launched in 2018, Orbit Chain is a South Korean multi-asset blockchain that facilitates the transfer of crypto tokens across different decentralised networks. It is typically used to transfer assets between Ethereum Virtual Machine-compatible networks and Klaytn.
Klaytn network is a modular layer-1 blockchain, created by Ozys, a South Korean team which is also behind Orbit Chain, KlaySwap decentralised exchange, and Belt Finance stablecoin exchange.
Ozys-developed protocols have exhibited a poor track record of security as Orbit has now become the third protocol from the Ozys team to be exploited by hackers.
This follows the $6 million hack suffered by Belt Finance in May 2021 and the $2 million stolen from KlaySwap in February 2022.
Lazarus Group, which is associated with the North Korean government, is also being implicated for the recent attack on Orbit Chain. According to security services platform Immunefi, the group has roughly stolen about 17.6% worth of cryptocurrencies in 2023.
