Orbit Bridge Hack: South Korea’s Orbit Chain Loses $80M In Security Breach

The new year commenced with a significant blow to Orbit Chain, a South Korean cross-chain bridging project, which lost over $80 million in assets due to a compromising bridge hack. It’s essential to distinguish Orbit Chain from Orbiter Finance, an Ethereum-based bridge sharing a similar name.

According to a researcher using the pseudonym officer_cia, the attacker successfully accessed seven of the ten multisig signers, leading to a staggering loss of $81.5 million. Multisig, designed to require multiple private keyholders for transaction validation, aims to prevent single-party control over a wallet’s assets.

Primarily, the stolen funds comprised stablecoins, with $30 million in USDT, $10 million in USDC, and $10 million in DAI. Additionally, approximately 231 WBTC ($10 million) and 9,500 ETH ($21.5 million) were part of the stolen assets.

Ongoing Investigation and Preventive Measures

The hacker utilized an intermediary address to route the stolen funds through a cryptocurrency mixer, complicating the tracking process. Orbit Chain’s team swiftly reached out to cryptocurrency exchanges, urging them to freeze the stolen assets. Simultaneously, they’ve engaged with law enforcement agencies to trace the missing funds.

The project has issued warnings to dissuade users from participating in reimbursement claims circulating amidst the chaos of the hack.

Unsecured Infrastructure and Previous Incidents

This unfortunate incident involving Orbit Bridge isn’t the first security breach connected to Ozys, the South Korean blockchain development company behind the project. Metamask’s Lead Product Manager, Taylor Monahan, highlighted that KlaySwap and Belt Finance, other Ozys creations, faced similar breaches in recent years.

Belt Finance witnessed a loss of approximately $6 million in May 2021, followed by a potential $60 million at risk in August 2021. KlaySwap experienced a drain of nearly $2 million in February 2022. These incidents underscore the vulnerability of Ozys’ infrastructure, calling for vital lessons to be learned from past mistakes.

Also Read: Crypto Scams and Hacks Drain $2 Billion in 2023

Multisig Vulnerabilities and Previous Exploits

Private key compromise has been a recurrent theme in several major exploits within the crypto space. Notably, the Ronin Bridge hack in March 2022 resulted in the draining of $625 million due to a similar issue.

According to Quantstamp, a leading Web3 security firm, “compromised keys were the biggest threat of 2023.” Certik’s recent analysis revealed that private key compromises accounted for a significant portion of security incidents, totalling $880 million across 47 cases in 2023.

Learning from these incidents becomes crucial for projects to enhance their security measures and safeguard user trust. Taylor Monahan stressed the importance of sharing lessons learned to prevent similar breaches in the future.

Leave a Reply

Your email address will not be published. Required fields are marked *