Cross-chain Orbit Bridge Allegedly Experiences A $82 Million Exploit

The Orbit Chain, a multi-asset blockchain focusing on cross-chain transfers, recently fell victim to a sophisticated exploit. Notably, on December 31, 2023, a series of unauthorized transactions led to a significant financial loss, amounting to approximately $81.6 million.

It appears the exploit was executed by compromising the private keys of the owner, allowing the attacker to create fake signatures for withdrawal transactions. This security breach led to the illicit transfer of various cryptocurrencies, including Ethereum (ETH), Tether (USDT), USD Coin (USDC), Wrapped Bitcoin (WBTC), and the algorithmic stablecoin DAI, into fresh wallets.

Transaction Details

Ethereum: An initial minor withdrawal of 0.004 ETH was followed by the vault being drained of approximately 9500 ETH.

Tether: The attacker initially withdrew 9.71 USDT and later approximately $30 million worth of USDT.

USD Coin: Starting with a small amount of 3.92 USDC, the attacker eventually drained about $10 million USDC.

Wrapped Bitcoin: The initial drain was 0.012 WBTC, followed by a substantial withdrawal of approximately 230.879 WBTC.

Technical Analysis

The core of the exploit involved the misuse of valid signatures for unauthorized transactions. The Orbit Chain’s smart contract validation mechanism lacked the ability to associate signatures directly with specific transaction details. This oversight allowed the attacker, who had access to at least one private key of a validator, to pass the validation checks and execute the fraudulent transactions.

Post-exploit, the Orbit Chain team communicated with the attacker, indicating a willingness to negotiate. To prevent such incidents in the future, it is recommended that blockchain protocols enhance their validation processes, ensure secure private key management, and implement fail-safes against unauthorized transactions. Hardware Security Modules (HSMs) are suggested for better private key management, reducing the risk of similar compromises.

Image source: Shutterstock

SEO Powered Content & PR Distribution. Get Amplified Today.
PlatoData.Network Vertical Generative Ai. Empower Yourself. Access Here.
PlatoAiStream. Web3 Intelligence. Knowledge Amplified. Access Here.
PlatoESG. Carbon, CleanTech, Energy, Environment, Solar, Waste Management. Access Here.
PlatoHealth. Biotech and Clinical Trials Intelligence. Access Here.
Source: https://Blockchain.News/news/cross-chain-orbit-bridge-allegedly-experiences-a-82-million-exploit

Generative Data Intelligence

Cross-chain Orbit Bridge allegedly experiences a $82 million exploit

How to Assess Market Sentiment Before Buying Cryptocurrency

Rainbet and Crypto Casinos: Leaders of the Pack

Latest Intelligence

Bitcoin Bloodbath: Crypto Analyst Spots ‘Death Cross’ After 8% Price Drop

AIEMP Announces Launch of Innovative AI Security Project

Binance’s defense against SEC could be aided by Mango Markets case

UK law enforcement given new powers to seize, destroy digital assets linked to criminals

DOGE’s position on the list keeps interest in meme coins alive

Pantera Capital’s Fund V Targets $1 Billion for Diverse Blockchain Investments