
engin akyurt | Unsplash
In late 2023, Orbit Chain, a platform that enables cross-chain bridges, suffered an exploit that resulted in the loss of $82 million. The project then had to decide to suspend the chain and begin negotiations.
At that time, Arkham Intelligence, a blockchain analysis platform, published a study revealing 5 transactions that transferred $30 million in USDT, $10 million in USDC, $10 million in DAI, and 231 WBTC. Subsequently, a Twitter user (Kgjr) followed the trail of this event and discovered that the USDT had been converted to ETH and the USDC to DAI through the Uniswap DEX.


One thing to keep in mind is that on a platform where a large volume of money moves every day, it is highly likely that someone is looking for a vulnerability that would let them access all of the funds, or at least a large part of them.
In this case, Orbit is a blockchain based in South Korea whose distinguishing feature is that it facilitates transfers between different chains, including EVM-type chains and those compatible with Klaytn.
Following this event, Orbit Chain's native cryptocurrency (ORC) experienced a drastic 19% drop, reflecting the discontent and alarm of its holders. Since then, it has not stopped falling and currently stands at $0.006635, with a 6.5% drop today.

Recently, Arkham Intelligence revealed that those who attacked Orbit Chain are back online. The exploiters moved $32 million in ETH (around 8671 ETH, to be exact) to a new address, and everything indicates that they aim to deposit it into Tornado Cash. Additionally, Arkham mentions that a total of 12,932 ETH worth $48 million was moved through 7 transactions carried out over a span of two days.
The interesting, and no less chaotic, part is that the transactions were made in batches of 100 ETH, which can be verified simply by looking at the data provided by Etherscan, a blockchain explorer for the Ethereum network.

At the moment, nothing is clear about what might have happened, although there are some theories that could explain it. One of them suggests that the attack could have been an exploit of the validation code.
An ETH security community on Telegram looked into what happened, and this is what they said:
"They send an outbound bridge request and then replay it later with exactly same content values except for the amounts and it passes onchain validation since the hash differs exactly due to the amounts being different. The validator set then in theory should look at the orbit chain tx which doesn't have at all the inflated amount."
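To make the unconfirmed theory quoted above concrete, here is an added example (not Orbit Chain's code and not part of the original post) that models a release check whose replay protection is only the hash of the request, beside one that binds each release to the source-chain record. The class names, the ledger and all values are constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class BridgeRequest:
    src_tx: str     # id of the lock transaction on the source chain
    recipient: str
    token: str
    amount: int

# Constructed stand-in for source-chain state: what was really locked, per source tx.
SOURCE_LEDGER = {"0xsrc01": BridgeRequest("0xsrc01", "0xrecipient", "USDT", 100)}

def request_hash(r: BridgeRequest) -> str:
    data = f"{r.src_tx}|{r.recipient}|{r.token}|{r.amount}"
    return hashlib.sha256(data.encode()).hexdigest()

class HashOnlyBridge:
    """Weak: replay protection is the hash of the whole request, nothing else."""
    def __init__(self):
        self.seen = set()

    def release(self, r: BridgeRequest) -> bool:
        h = request_hash(r)
        if h in self.seen:      # only a byte-identical replay is rejected
            return False
        self.seen.add(h)
        return True

class SourceCheckedBridge:
    """Hardened: one release per source tx, and fields must match the source record."""
    def __init__(self, ledger):
        self.ledger, self.spent = ledger, set()

    def release(self, r: BridgeRequest) -> bool:
        if r.src_tx in self.spent or self.ledger.get(r.src_tx) != r:
            return False
        self.spent.add(r.src_tx)
        return True

def run_scenario(bridge) -> list:
    genuine = SOURCE_LEDGER["0xsrc01"]
    inflated = BridgeRequest(genuine.src_tx, genuine.recipient, genuine.token, 1_000_000)
    # genuine request, exact replay, replay with only the amount changed
    return [bridge.release(genuine), bridge.release(genuine), bridge.release(inflated)]

if __name__ == "__main__":
    print("hash-only     :", run_scenario(HashOnlyBridge()))
    print("source-checked:", run_scenario(SourceCheckedBridge(SOURCE_LEDGER)))
```

The hash-only check accepts the third request because the changed amount yields a new hash. The source-checked version rejects it because the source transaction is already spent and the amount does not match the ledger.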
Another suspicion in circulation is that the attack was carried out by Lazarus, a group of hackers from North Korea. This has a degree of consistency, considering that blockchain analysts from Match Systems claimed that the same tactics were used as in other attacks carried out by this group.
Taylor Monahan, the developer of MetaMask, also agrees that this attack on Orbit follows very similar patterns to those previously carried out by the Lazarus group.
I believe that investing in security is a great precaution that can prevent something of this magnitude, although, of course, there will always be a gap through which a system may be breached, and by the time it is discovered it may be too late.

- Main image edited in Canva.
- I have consulted information in cryptonews.com.
- I have used Hive Translator to translate from Spanish to English.