Orbit Bridge Hackers Drain $81 Million in Crypto Assets

Capping off a year marked by numerous security exploits resulting in significant financial losses, the cryptocurrency sector experienced yet another major cyberattack on New Year’s Eve 2023. Orbit Bridge, a decentralized liquidity bridge protocol for Orbit Chain, confirmed unidentified access to its cross-chain protocol, which has led to the theft of an estimated $81 million in virtual assets.

On the morning of Jan 1, 2024, Orbit Chain requested major global cryptocurrency exchanges to freeze stolen assets. X user @KGJRTG was one of the first to call attention to Orbit Bridge getting drained, alerting the project to the potential exploit:

Blockchain security company ChainLight, reported that the unauthorized transaction was detected in the Orbit Chain’s Ethereum L1 Vault, involving assets like DAI, USDC, USDT, ETH, WBTC. The company noted that based on its preliminary root cause analysis, the incident occurred “outside of ChainLight's security assessment scope (e.g., code security),” leading some to speculate that it may have been a phishing attack or private key compromise. The nature of the attack has not yet been identified.

Orbit Chain is collaborating with global security experts, including Theori, to track the stolen funds, along with the Korean National Police Agency and KISA (Korea Internet & Security Agency). They are also working with global security companies.

On January 2, the team tweeted that it had “identified a significant clue in the process of tracing the stolen funds a few hours ago and is intensifying its efforts to track the fund based on the clue.”

MyCrypto founder Taylor Monahan suggested the attack has all the earmarks of state-sponsored North Korean hackers, which Orbit Chain confirmed was already on their radar.

Crypto bridges aim to provide a technical solution to the highly fragmented blockchain ecosystem, making it more interoperable by enabling seamless asset transfers between different blockchain networks and decentralized apps (dApps). Although blockchain bridges play a crucial role in expanding the liquidity of decentralized assets and improving the broader adoption of blockchain technology, they are frequently beset by security challenges inherent in their complexity, vulnerabilities in smart contracts, and centralization leading to costly points of failure.

Blockchain threat tracking service Scam Sniffer reported that wallet drainers stole $295 million in assets from 324,000 victims in 2023, with Inferno Drainer and MS Drainer leading the pack. Phishing activities luring victims have come through a variety of different methods, including organic and paid traffic, airdrops of NFTs or Tokens, and hacking attacks on project frontends or libraries they use. Scam Sniffer noted that software hacking has the broadest and swiftest impact in making phishing attacks successful.

Asset transfers and services using the Orbit Bridge protocol have been temporarily halted while the investigation continues. Orbit Chain warned users about not engaging with any reimbursement claims which are currently circulating as scams.

Orbit Chain’s native ORC token took a -7.20% dip in the last 24 hours following confirmation of Orbit Bridge's unauthorized access and has declined -28.80% in the past seven days.

This latest drain attack highlights the importance of securing blockchain infrastructure, as a network’s integrity can be destabilized in a matter of minutes, draining millions of dollars in assets before authorities have time to act. It also reinforces the need for vigilance in light of recent similar state-sponsored attacks.