Hackers withdrew more than $80 million worth of crypto assets from the Orbit Bridge cross-chain bridge

[Brother]

The Orbit Bridge cross-chain bridge has been hacked. The attackers managed to withdraw crypto assets for a total amount exceeding $80 million.

Unauthorized access was recorded on December 31.

Urgent

Dear Orbit Bridge Users,

An unidentified access to Orbit Bridge, a decentralized Cross-chain protocol, was confirmed on Dec-31-2023 08:52:47 PM +UTC.

Further information regarding the issue will be updated.
— Orbit Chain (@Orbit_Chain) January 1, 2024

https://twitter.com/i/web/status/1741725778956730778

User Kgjr was one of the first to discover the suspicious movement of funds. According to his observations, initially the following were withdrawn from the protocol to the “fresh” wallet:

30 million USDT;

10 million DAI;

10 million USDC;

231 wBTC (>$10 million);

9500 ETH (>$22 million).

The developers of Orbit Chain turned to large crypto exchanges with a request to freeze the stolen crypto assets.

The Orbit Chain team has requested major global cryptocurrency exchanges to freeze stolen assets.

— Orbit Chain (@Orbit_Chain) January 1, 2024

https://twitter.com/i/web/status/1741825433916825982

“In addition, we collaborate with global security experts, including Theori, to respond to issues and monitor funds in real time. We are also negotiating closer cooperation with 26 global security companies,” project representatives wrote.

Among other things, Orbit Chain representatives assured that they are closely cooperating with law enforcement agencies.

On January 2, the developers stated that the stolen funds remained unmoved, and also published a list of addresses associated with the attacker.

 

[Brother]

The South Korean company Ozys, which is behind the development of the cross-chain bridge Orbit Bridge, has accused its former employee of facilitating a recent attack on the protocol.

Based on the preliminary investigation, the CISO weakened the internal firewall settings on November 22, 2023. Two days earlier, this employee submitted his resignation letter of his own free will.

On December 6, he left his position, but did not notify the company about changes made to security settings. Ozys did not disclose the name of the former employee.

According to local media reports, the company contacted the police with a request to verify this information, and also filed a claim for damages against the ex-colleague.

Now the Ozys team, together with the security company Theori, the National Intelligence Service, the police and the local Internet and Security Agency, is investigating the incident. In particular, the involvement of North Korean hackers from the Lazarus Group is being verified.

The company promised to notify users about the funds recovery plan and the timing of its implementation.

Let us remind you that on December 31, 2023, the cross-chain bridge Orbit Bridge was subjected to a hacker attack. The attackers withdrew crypto assets worth more than $80 million.

 

[Tomcat]

On June 8, the attacker who attacked the Orbit Bridge cross-chain sent the stolen 8671 ETH worth $32 million to the Tornado Cash mixer. This was reported by Arkham Intelligence analysts.

ONGOING: $100M Orbit Chain Exploiter sends $32M to Tornado Cash after 5 months silence

In the past hour, the Orbit Chain Exploiter moved 8671 ETH ($32M) to a new address and is currently in the process of depositing it to Tornado Cash.

They stole over $100M in ETH and DAI… pic.twitter.com/Bq7BRdXqmc
— Arkham (@ArkhamIntel) June 8, 2024

https://twitter.com/i/web/status/1799473217326707106

The incident itself occurred on December 31, 2023, and the total damage from hacking amounted to more than $80 million. The South Korean company Ozys, which is behind the development of the cross-chain bridge, accused its former employee of contributing to the attack.

At the same time, Arkham recalculated the losses and concluded that the protocol's losses exceeded $100 million.

"They stole more than $100 million in ETH and DAI from Orbit Chain five months ago and have remained silent ever since," the experts said.

The hacker's wallet still holds $66 million in ETH and more than $20 million in DAI and USDT stablecoins. The hacker also holds a small amount of wBTC, wETH, ORC, and USDC.

After the attack, the Orbit team offered a maximum reward of $8 million for returning funds or information about the hacker. However, this did not help in identifying the culprit.

According to DeFi Llama, the total value of funds blocked in the network is $37 million. Before the hack, the figure exceeded $150 million.