Orbit Chain has become the latest cross-chain bridge to suffer a hefty exploit, with the protocol losing more than $81M worth of assets on Dec. 31.
Orbit announced the hack via a tweet on Jan. 1. The team said it is carrying out an investigation into the incident and that it has engaged “international law enforcement agencies.” Orbit also warned that opportunistic scammers have launched websites fraudulently purporting to offer refunds to affected users.
Spot On Chain, an on-chain analytics firm, tweeted that the perpetrator behind the exploit consolidated the majority of the stolen assets into ETH, swapping 30M USDT and 230.9 WBTC into 17,250 ETH. The hacker’s wallets now hold 26,777 ETH ($64M), nearly $20M worth of DAI, 15.85M worth of USDT, and $3.92 worth of USDC.
Tay Vano, a popular on-chain analyst, speculated that the hack may have been perpetrated by North Korean state-backed hackers. “Looks like 2024 is going to be another year of handing [North Korea] billions of dollars on a silver platter,” they tweeted.
Vano noted that Orbit Bridge was created by Ozys, the South Korean team behind the Klaytn Layer 1 network, the KlaySwap decentralized exchange, and the Belt Finance stablecoin exchange.
Belt Finance suffered a $6M hack in May 2021, while $2M was stolen from KlaySwap in February 2022. Immunefi, a web3 bug bounty platform, also disclosed an additional Belt Finance vulnerability that placed $60M worth of assets at risk in October 2021. The incidents indicate a poor track record for security on the part of Ozys’s developers.
Cross-chain bridges offer honeypots to hackers
Cross-chain bridges have emerged as an enticing target for hackers, with four of the five largest DeFi exploits ransacking bridges for more than $2B, according to Rekt.
Lazarus, North Korea’s state-backed hacking group, has since been implicated in the two largest bridge exploits — with Lazarus making off with $624M from Axie Infinity’s Ronin bridge and $611M from the Poly Network bridge. North Korean hackers were also linked to the $100M Harmony bridge exploit.
The Wall Street Journal estimated that North Korean hackers had stolen $3B worth of crypto assets over time as of June 2023, with Immunefi approximating that $1.9B was pilfered from 2021 through 2023. Immunefi also said Lazarus was responsible for 17.6% of the cryptocurrency stolen in 2023, taking in more than $300M.