Orbit Bridge Suffers $81.54 Million Security Breach

Orbit Bridge Suffers $81.54 Million Security Breach

Summary #

On December 31, 2023, Orbit Chain, a South Korean cross-chain project, experienced a significant security breach involving their Orbit Bridge. The attacker exploited the Orbit Bridge through a private key compromise and drained approximately $81.54 million worth of assets from the Orbit Bridge’s ETH Vault. The stolen funds were converted into ETH and DAI and then distributed across several addresses.

Attackers #

The identity of the attacker remains unknown. However, some experts have linked the incident to the Lazarus Group, a North Korean hacking syndicate. The following Ethereum addresses was used to carry out the attack: - 0x9263e7873613ddc598a701709875634819176aff - 0x70462bfb204bf3ccb0560f259072f8e3a85b3512

Losses #

Orbit Bridge lost approximately $81.54 million in total:

  • 30,000,000 USDT
  • 9,530 ETH
  • 10,000,000 DAI
  • 10,000,000 USDC
  • 230.879 WBTC

Timeline #

Security Failure Causes #

Private Key Compromise: The attacker managed to compromise the private keys of the Orbit Bridge, leading to the security breach. Independent crypto researcher @officer_cia suggests that the root cause is the wallet compromise of 7 out of 10 multisig signers.