Over $80 Million Stolen in Orbit Chain Exploit, Assets ‘Remain Unmoved’

Cross-chain bridge project Orbit Chain was hit by a “cyberattack” Monday, with over $80 million drained from its bridge.

The project stated that following an “unidentified access” on Orbit Bridge, the project had identified approximately $84.5 million held across multiple wallet addresses belonging to the attacker. The stolen funds total 26,741.6 ETH held across five addresses (worth around $64.5 million at current prices), with just under $20 million worth of the stablecoin DAI held in another three addresses.

The stolen funds “remain unmoved,” Orbit Chain said in a tweet, adding that its team was “constantly monitoring” the assets, that it was in “close contact” with law enforcement agencies and was endeavoring to communicate with the attacker.

Noting that it would use “all available methods” to recover the funds, Orbit Chain added that it has “developed a system for investigation support and cause analysis” with South Korea’s National Police Agency and Internet & Security Agency (KISA).

In order to resolve this issue, the Orbit Chain team will utilize all available methods to track down the hackers and recover the funds.

We sincerely request that all members of the Orbit Chain community and the Web3 ecosystem help spread this information as widely as possible.

— Orbit Chain (@Orbit_Chain) January 2, 2024

The firm has also requested that crypto exchanges freeze the stolen assets and is collaborating with blockchain security firm Theori, among others, to help “track funds in real time.” Security firm ChainLight reported that it was conducting a “comprehensive analysis” of the exploit in response to a request from Orbit Chain.

Orbit Chain has yet to publish a full account of how the exploit took place. Decrypt has reached out to Orbit Chain, Theori and ChainLight for comment, and will update this article should they respond.

In response to a tweet speculating that North Korean hackers could be behind the exploit, Orbit Chain noted that the possibility “has also occurred” to its team. North Korea has been accused of stealing crypto worth over $3.4 billion in a series of hacks over the years, including many of 2023’s biggest crypto hacks.

U.S. Senator Elizabeth Warren has claimed that North Korea used stolen crypto to “pay for about half of its nuclear weapons programme,” calling for the Bank Secrecy Act to be updated to account for the “threat” posed by crypto.

The initial ETH used in the attack was funneled through crypto mixer Tornado Cash, according to Orbit Chain. The coin mixer has been sanctioned by the U.S. Treasury Department for its role in laundering “more than $7 billion” worth of cryptocurrency, including funds stolen by state-sponsored North Korean hacking group Lazarus Group .

Stay on top of crypto news, get daily updates in your inbox.

Source: https://decrypt.co/211436/over-80-million-stolen-in-orbit-chain-exploit-assets-remain-unmoved