Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin.

Orbit Chain is a blockchain platform designed to function as a multi-asset hub, supporting interoperability between various blockchains, decentralized applications (DApps), and services.

The platform isn't directly used by investors to buy assets or services but is more of a blockchain infrastructure project that supports the broader ecosystem.

The first unauthorized transaction in a series of drain attacks, which involved multiple asset types and were performed by unidentified hackers, occurred on December 31, 2023, at 9:07:59 PM UTC.

Blockchain intelligence platform Arkham reports that Orbit Chain's balance went from $115M to $29M instantly, meaning that the losses are estimated to be about $86,000,000.

The nature of the exploit leveraged by the hackers to perform the attack remains unknown at this time.

Although the attackers' identity and origin haven't been determined, the attacks carry signs of sophisticated state-sponsored attackers believed to be based out of North Korea.

Orbit Chain attack diagram (TRM Labs)

Orbit Chain says it is working with the Korean National Police Agency and Korea's Internet and Security Agency (KISA), which specialize in North Korean (DPRK) threats.

DPRK hacking groups like Lazarus have been implicated in various cryptocurrency-related cyberattacks throughout 2023, with the stolen amounts seen as a means to bypass international sanctions and finance the country's weapons development program and cyber operations.

Blockchain experts also point out that Orbit Bridge is a project of Ozys, which also owns Belt Finance and KlaySwap. Both were previously hacked, likely by sophisticated state-sponsored actors who employed Border Gateway Protocol (BGP) hijacking.

The stolen funds from the recent Orbit Chain hack are being tracked with the help of multiple international partners, and an extensive effort is underway to freeze the stolen assets.

Orbit Chain is also warning that scammers are using verified accounts on X to promote phishing sites pretending to be refund portals to trick people into connecting their wallets.

Spoofed accounts promoting drainers

However, once a wallet is connected, malicious scripts will drain all assets and NFTs from the wallet.

Blockchain threat tracking service Scam Sniffer reported that throughout 2023, wallet drainers stole $295 million from over 320k victims, with the most notable cases being Inferno Drainer and MS Drainer.
