Technology

Breaking News: Multi-million Dollar Hack Rocks Cross-chain Orbit Bridge!






Orbit Chain Falls Victim to Sophisticated Exploit

Orbit Chain Falls Victim to Sophisticated Exploit

The Orbit Chain, a multi-asset blockchain focusing on cross-chain transfers, recently fell victim to a sophisticated exploit. On December 31, 2023, a series of unauthorized transactions led to a significant financial loss, amounting to approximately $81.6 million.

It appears the exploit was executed by compromising the private keys of the owner, allowing the attacker to create fake signatures for withdrawal transactions. This security breach led to the illicit transfer of various cryptocurrencies, including Ethereum (ETH), Tether (USDT), USD Coin (USDC), Wrapped Bitcoin (WBTC), and the algorithmic stablecoin DAI, into fresh wallets.

Transaction Details

Ethereum

An initial minor withdrawal of 0.004 ETH was followed by the vault being drained of approximately 9500 ETH.

Tether

The attacker initially withdrew 9.71 USDT and later approximately $30 million worth of USDT.

USD Coin

Starting with a small amount of 3.92 USDC, the attacker eventually drained about $10 million USDC.

Wrapped Bitcoin

The initial drain was 0.012 WBTC, followed by a substantial withdrawal of approximately 230.879 WBTC.

Technical Analysis

The core of the exploit involved the misuse of valid signatures for unauthorized transactions. The Orbit Chain’s smart contract validation mechanism lacked the ability to associate signatures directly with specific transaction details. This oversight allowed the attacker, who had access to at least one private key of a validator, to pass the validation checks and execute the fraudulent transactions.

Post-exploit, the Orbit Chain team communicated with the attacker, indicating a willingness to negotiate. To prevent such incidents in the future, it is recommended that blockchain protocols enhance their validation processes, ensure secure private key management, and implement fail-safes against unauthorized transactions. Hardware Security Modules (HSMs) are suggested for better private key management, reducing the risk of similar compromises.

Image source: Shutterstock


Related posts

China’s Economic Woes Trigger Commodities Slump

George Rodriguez

Unveiling the Peril: Jailbreak Attacks Threaten ChatGPT and AI Models’ Security

George Rodriguez

Breaking News: DWF Labs Commits $10 Million to TokenFi Tokens for Next Two Years!

George Rodriguez