Orbit Chain Hacker Moves $48M to Tornado Cash After Months of Post-hack Dormancy

Highlights:

• The individual or group behind the $82 million hack of cross-chain bridge Orbit Chain has appeared after a period of dormancy to move about $48 million in funds.
• The firm has not yet provided detailed information.
• Orbit Chain suspects its ex-Chief Information Security Officer is responsible for the attack.

The exploiter behind the $82 million Orbit Chain hack on New Year’s Eve recently transferred $47.7 million to the cryptocurrency privacy mixer Tornado Cash after five months of dormancy. Following the exploit, the funds “remained unmoved” from the addresses where the leaked funds were stored. On June 8, 12,932 Ether (ETH) valued at $47.7 million was transferred across seven transactions to a new address, which then sent the funds to the crypto mixer Tornado Cash.

Advertisement

🚨ONGOING: $100M Orbit Chain Exploiter sends $32M to Tornado Cash after 5 months silence

In the past hour, the Orbit Chain Exploiter moved 8671 ETH ($32M) to a new address and is currently in the process of depositing it to Tornado Cash.

They stole over $100M in ETH and DAI… pic.twitter.com/Bq7BRdXqmc

— Arkham (@ArkhamIntel) June 8, 2024

Orbit Chain Loses $82M in Cross-Chain Bridge Exploit

Cybercriminals exploited Orbit Bridge, a bridging service of the cross-chain protocol Orbit Chain, on Dec-31-2023 at 08:52:47 PM +UTC, leading to the theft of approximately $82 million worth of cryptocurrencies. Orbit Chain officially confirmed the attack on Jan 1, 2024.

🚨Urgent🚨

Dear Orbit Bridge Users,

An unidentified access to Orbit Bridge, a decentralized Cross-chain protocol, was confirmed on Dec-31-2023 08:52:47 PM +UTC.

Further information regarding the issue will be updated.

— Orbit Chain (@Orbit_Chain) January 1, 2024

The company collaborated with international law enforcement and worked with the security firm Theoria to identify the root cause. Following the attack, Orbit Chain disclosed specific details. The firm attacker utilized Tornado Cash to provide initial ETH for the attack and then employed multiple wallet addresses to receive the stolen cryptocurrency.

Though Orbit Chain did not specify the amount stolen during the attack, the security firm PeckShield estimated the loss at $81.5 million. It noted that the stolen amount includes $30 million in USDT, 230.879 WBTC (worth $10 million), $10 million in USDC, $10 million in DAI, and 9,500 ETH (worth $22 million). Moreover, it provided a chart indicating that the attacker used the decentralized exchange Uniswap to convert some of the stolen funds into ETH.

The initial loss of @Orbit_Chain is ~$81.5M (comprising $30 million $USDT, $10 million $USDC, $10 million DAI, 230.879 $WBTC, and 9,500 $ETH)

The exploiter initially funded with 10 $ETH from #TornadoCash and transferred them through the intermediary address… pic.twitter.com/XG62An0V91

— PeckShield Inc. (@peckshield) January 1, 2024

On Jan. 11, Orbit Chain said:

“Those who provide decisive intelligence that leads to identifying the attacker or recovering stolen assets will receive the bounty. As a maximum reward, we are offering $8M USD.”

The final deadline for negotiation on the exploit terminated as of 10am(UTC+9) today.

We are now extending the bounty to the public. As a maximum reward, we are offering $8M USD.

Those who provide decisive intelligence that leads to identifying the attacker or recovering stolen…

— Orbit Chain (@Orbit_Chain) January 11, 2024

Hack Steal Nearly $100M: Arkham Intelligence

The exploit was first reported to have caused $82 million in losses, but Arkham now suggests it was closer to $100 million. Arkham noted, “They stole over $100M in ETH and DAI from Orbit Chain 5 months ago and have been silent since.” Furthermore, Etherscan data reveals that the majority of the $47.7 million in Ether sent through Tornado Cash were in batches of 100 ETH. 

The exploit did not transfer the stolen $20 million in DAI or any other extracted coins from the cross-chain bridge. Their balance now stands at $71.2 million, comprising $51.1 million in Ether and minor holdings of wrapped Bitcoin, wrapped Ethereum, Orbit Chain, and USD Coin.

Orbit Chain’s Uncertainty Regarding the Hack

The reason behind the hacker’s return from dormancy remains uncertain. However, the timing coincides with the protocol’s recent move to restart certain bridging services after the exploit.

 In an announcement post on the Telegram channel, the company said:

“Our team is currently working closely with relevant authorities to swiftly track the stolen assets and take necessary measures accordingly.”

Orbit Chain has not provided a definitive explanation for the hack. However, it said the incident “…did not result from a vulnerability in the Orbit Bridge smart contract or the theft of a validator key.” In a blog post, the firm pointed out that actions carried out by the protocol’s former chief information security officer could potentially explain the attack. Moreover, the protocol said it is currently taking the necessary civil and criminal measures.

Read More

• Minu Price Soars by 57% Amid Rising Momentum and Aggressive Marketing Campaign
• Latest Crypto Price Predictions
• Next Cryptocurrency to Explode in 2024

Disclaimer: Cryptocurrency is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.

Advertisement