In a recent cyber attack, a threat actor exploited a vulnerability in the Orbit Chain platform to steal $86 million. The incident, which unfolded on the evening of December 31, 2023, raises fresh concerns about how exposed cryptocurrency bridges remain to malicious activity.
Cryptocurrency Bridge Exploitation:
Reports indicate that the threat actor swiftly capitalized on a vulnerability within the Orbit Chain platform, facilitating the theft of a diverse array of cryptocurrencies, including Ether, Dai, Tether, and USD Coin. The stolen funds, amounting to $86 million, were siphoned off almost immediately, prompting an ongoing investigation to ascertain the full extent of the breach.
Suspected Culprit: Lazarus, a Persistent Threat Actor:
While details of the investigation remain uncertain, media outlets point to Lazarus, a notorious North Korean state-sponsored threat actor, as the likely culprit. Known for targeting cryptocurrency businesses and bridges over the years, Lazarus has a history of breaching prominent projects, including Belt Finance and KlaySwap. Notably, both of those earlier breaches were associated with Ozys, the project that also encompasses the recently compromised Orbit Chain.
Breach Methodology and Imperfections:
The exact method the attackers used to breach the Orbit Chain bridge remains unclear. The prevailing assumption, however, is that the project contained flaws, a recurring theme in cryptocurrency bridge breaches: in several past incidents, bridges that were compromised were later found to have had weaknesses, underscoring the critical importance of robust security measures.
Cooperation with Law Enforcement:
In response to the breach, Orbit Chain has taken a proactive approach by collaborating with local law enforcement, specifically the Korean National Police Agency and the Korean Internet and Security Agency (KISA), which specializes in addressing North Korean threats. The collaborative effort aims to identify the destination of the stolen tokens and implement measures to freeze them.
In an official statement, the Orbit Chain team announced their collaboration with law enforcement agencies, emphasizing a comprehensive investigation approach. Discussions are also underway for close cooperation with both domestic and foreign law enforcement bodies.
Secondary Threat: Phishing Sites Exploit Victims:
Compounding the aftermath of the breach, additional attackers have targeted victims by using verified X accounts to promote phishing sites. These fraudulent portals mimic refund platforms and deceive individuals into connecting their wallets, after which their funds are drained. Such secondary threats add complexity to the aftermath of the initial breach and call for heightened vigilance among cryptocurrency users.
The breach of the Orbit Chain platform underscores the persistent challenges faced by cryptocurrency bridges in safeguarding user funds. As investigations unfold, the cooperation between Orbit Chain and law enforcement agencies aims to mitigate the impact of the breach and identify the responsible threat actor. The incident serves as a stark reminder of the importance of continual efforts to enhance the security infrastructure of cryptocurrency projects, particularly in the face of evolving cyber threats.