The Dec. 31 breach capped a year when crypto hacks and scams totaled nearly $2 billion, down 50% from the previous 12 months.
Posted January 2, 2024 at 4:47 pm EST.
Orbit Chain is in the process of tracing stolen funds from an $81 million exploit on New Year’s Eve.
The blockchain confirmed Monday on its X account a significant security breach of its cross-chain bridge that occurred on Dec. 31. The exploit capped off a year when crypto users lost nearly $2 billion to hacks and scams, down 50% from the prior year, according to a recent TRM Labs report.
The Orbit hacker funded a wallet using the controversial privacy protocol Tornado Cash. The stolen funds were sent to numerous Ethereum wallets, which currently hold 26,741.6 ETH ($64 million) and around $18 million of the dai (DAI) stablecoin. Orbit Chain said early Tuesday that the funds remained “unmoved” in the hacker’s wallets. Several hours later, the company said it had “identified a significant clue in the process of tracing the stolen funds,” but did not provide more details about the clue.
“Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet & Security Agency), enabling a more proactive and comprehensive investigation approach,” wrote the Orbit Chain team on X. “Furthermore, we are also discussing close cooperation with domestic and foreign law enforcement agencies.”
The U.S. Treasury Department sanctioned Tornado Cash in Aug. 2022, preventing any U.S. citizens from using it. Tornado Cash is a virtual currency mixer that operates on the Ethereum blockchain and “indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin,” the Treasury wrote in its statement on the sanctions.
Cross-chain bridges are common exploit targets, with notable attacks including the $200 million drain of Nomad in May, a $125 million exploit of Multichain in July and the $99 Heco Bridge attack in November. Ozys, the South Korean team behind Orbit Chain, is also no stranger to breaches. Past incidents included a $6.2 million flash loan attack at decentralized finance (DeFi) protocol Belt Finance and a nearly $2 million theft from crypto platform KLAYSwap.
Unchained reached out to Orbit Chain for comment but had not received a reply at press time. Orbit Chain’s native token, ORC, dropped over 13% following the exploit but has since recovered to be down about 7% in the past 24 hours to $0.054, according to CoinMarketCap.