Cross-Chain Bridge Orbit Chain Hacker Finally Moves $48M to Tornado Cash: Arkham Data
Orbit Chain, a platform that transacts with various blockchains, lost $82 million after hackers exploited the platform’s cross-chain bridge in the last few hours of 2023. Per recent reports, the hacker group has finally moved $48 million worth of stolen data to Tornado Cash mixer.
Blockchain analytics firm Arkham Intelligence revealed Sunday that the Orbit Chain perpetrators are back online after months of silence.
“In the past hour, the Orbit Chain Exploiter moved 8671 ETH ($32M) to a new address and is currently in the process of depositing it to Tornado Cash,” the ongoing update noted.
🚨ONGOING: $100M Orbit Chain Exploiter sends $32M to Tornado Cash after 5 months silence
In the past hour, the Orbit Chain Exploiter moved 8671 ETH ($32M) to a new address and is currently in the process of depositing it to Tornado Cash.
They stole over $100M in ETH and DAI… pic.twitter.com/Bq7BRdXqmc
— Arkham (@ArkhamIntel) June 8, 2024
Per Arkham’s estimates, the hackers stole over $100 million in ETH and DAI from Orbit Chain 5 months ago. “They still hold over $66M in ETH and over $20M in DAI and USDT,” Arkham wrote.
Per Arkham, the exploiter moved a total of 12,932 Ether (ETH) worth $48 million in two days, across 7 transactions. Further, Etherscan data also showed that the ETHs were sent through Tornado Cash in batches of 100 ETHs per transaction.
Inside the Orbit Chain’s Exploit
On the last day of 2023, cybercriminals drained millions in various assets, as a result of suspected compromised private keys. However, various theories exist, for instance, an ETH security community noted that the attack could be “a validator code exploit.”
Despite the protocol using multisig wallets to secure its assets, attackers generated transactions in ETH, USDT, DAI, USDC and WBTC.
Following the hack, reports surfaced that it might have been performed by the North Korean infamous Lazarus Group. Blockchain analysts from Match Systems found that the Orbit Chain hackers used the same tactics as those in several other high-profile attacks by Lazarus Group.
Metamask developer Taylor Monahan also agreed that the Orbit attack follows similar patterns to hacks carried out by Lazarus Group.
“Looks like 2024 is going to be another year of handing DPRK billions of dollars on a silver platter,” Monahan wrote on X at the time.
