Original - Odaily
Author-husband how
At the beginning of the new year, hackers came out to make trouble again. According to monitoring by EagleEye, a subsidiary of Beosin, the Orbit Chain cross-chain bridge was hacked, resulting in losses of up to US$81.5 million.
Judging from the hacking behavior, all this seems to have been premeditated. According to Beosin Trace analysis, hackers tried to launch a small-scale attack based on the vulnerability as early as 1 day ago (December 31), and used the stolen ETH as the source of transfer fees for the remaining five addresses in this attack.
Early this morning, hackers officially launched the attack and transferred the stolen funds to the above five addresses. In five separate transactions, each sent to a new wallet, Orbit Bridge sent $50 million in stablecoins (30 million Tether, 10 million DAI, and 10 million USDC), 231 wBTC (approximately $10 million ) and 9,500 ETH (approximately $21.5 million).
Although attacks on cross-chain bridges occur from time to time, the types of attacks are not complicated. For example, Heco Bridge was recently attacked by a private key leak, with losses as high as US$86.6 million; Multichain was also attacked by a private key leak, with losses of up to US$242 million. It also affected the development of multiple projects and destabilized the asset prices on Fantom.
What is the reason for Orbit Chain being stolen this time? Security agency Slow Mist believes that this attack may be an attack caused by a vulnerability in the cross-chain bridge contract or the projects centralized server may be invaded. The former may be more acceptable to the public. No one is perfect, and no program is indestructible, but the compromise of a centralized server may trigger more chain reactions.
After the attack, the Orbit Chain token ORC fell by more than 18%, and the prices of a variety of packaged assets that were cross-chained to the Klaytn network through the Orbit Bridge fell. Among them, OETH, OBNB, and OXRP all fell by more than 20%.
Odaily reminds users that since the reason why the Orbit Chain cross-chain bridge was stolen is not yet clear, it is not sure whether the hacker has any next plans, so please revoke the relevant wallet approval as soon as possible.As a capital-intensive area, cross-chain bridges often attract the attention of hackers. As a user, try to do the following three things:
When an accident occurs, revoke the contract authorization for the cross-chain bridge as soon as possible to prevent further risk spread. You can revoke it through the approval checker in the browser of the blockchain. It is also recommended that you regularly review and clean up some contract authorizations that are useless to you. Hackers often exploit vulnerabilities in smart contracts to withdraw assets multiple times.
Users with frequent cross-chain needs need to pay close attention to relevant information about cross-chain bridges, such as risk warnings from security companies, official announcements of upgrades, etc., so that they can learn about them as soon as possible and be prepared for them.
As a participant in the cross-chain bridge LP, in the face of such incidents, you must actively communicate with the project party, keep a record of the locked assets, and wait for subsequent resolution.
At present, Orbit Chain has suspended the cross-chain bridge contract and is communicating with the hackers. At the same time, it plans to issue compensation to users to compensate for the damage to their assets. The specific compensation amount has not yet been made public. Odaily will also continue to pay attention.
