- Orbit Chain has confirmed rumors that it lost over $80 million in an exploit on December 31
- The platform said it’s conducting a technical analysis to understand the source of the security breach
- Orbit Chain has contacted the hacker, law enforcement agencies and crypto exchanges
Cross-chain bridge Orbit Chain has confirmed that there was “an unidentified access” to the platform on December 31 that saw the bridge lose over $80 million of user funds. The platform said that it’s investigating the security breach and has asked cryptocurrency exchanges to freeze funds linked to the hack. Although the cross-chain bridge disclosed that it’s in contact with the attacker, it didn’t mention whether the attacker has responded or whether they’re offering a bounty.
Stolen Funds Remain Unmoved
According to on-chain analytics firm Arkham Intelligence, the attacker siphoned the funds in five transactions involving five different coins. USDT and ETH accounted for the highest amount at $30 and $21.7 million respectively, followed by USDC, DAI and Wrapped BTC (WBTC) at $10, 10 and $9.8 million respectively. The funds went to newly created wallets.
🚨Urgent🚨
Dear Orbit Bridge Users,
An unidentified access to Orbit Bridge, a decentralized Cross-chain protocol, was confirmed on Dec-31-2023 08:52:47 PM +UTC.
Further information regarding the issue will be updated.
— Orbit Chain (@Orbit_Chain) January 1, 2024
In its latest update on X (formerly Twitter), the platform said that “the stolen assets remain unmoved,” adding that it’s actively monitoring the funds with the help of “global security experts, including Theori.”
As of now, the stolen assets remain unmoved.
Our team is constantly monitoring the stolen asset, and we promise to inform the community once the address associated with the stolen asset has taken action.— Orbit Chain (@Orbit_Chain) January 2, 2024
Orbit Chain has also warned against malicious actors using the exploit to promise fake reimbursements. The scammers are using social media accounts with names resembling that of Orbit Chain.
🚨Important Notice🚨
Any reimbursement claims currently circulating are scams. Please don’t engage. Only refer to this official account @Orbit_Chain for updates, which will be provided as the situation unfolds. pic.twitter.com/zhpYSE3Nra
— Orbit Chain (@Orbit_Chain) January 1, 2024
Transactions Yet to be Validated
Some Orbit Chain users have asked the platform to return their funds stuck in unvalidated transactions since they’re yet to be “confirmed by a validator.”
Can you please cancel the pending transactions/bridging attempts ? I didn’t know that you guys got hacked and i just want my tokens back.
The transaction hasn’t been yet confirmed by a validator. Please.— 0xwisp (@Wisp0x) January 1, 2024
The exploit comes two days after blockchain security firm Immunefi disclosed that the web3 world has lost close to $2 billion to hackers and scammers in 2023.
With the hacker yet to move funds or use a crypto mixing service, it’s to be seen whether he’ll return the funds for a bounty.