On January 1, 2024, Beijing time, according to monitoring by Beosin's EagleEye security risk monitoring, early warning and blocking platform, the Orbit_Chain project suffered an attack loss of at least approximately US$80 million. According to Beosin Trace analysis, the hacker address (0x27e2cc59a64d705a6c3d3d306186c2a55dcd5710) launched a small-scale attack as early as one day ago, and used the stolen ETH as the source of transfer fees for the remaining five addresses in this attack.
Orbit Chain is a cross-chain bridge platform that allows users to use various encrypted assets from different blockchains on one chain. Currently, the project team has suspended the cross-chain bridge contract and is communicating with the hackers. Regarding this security incident, the Beosin security team immediately conducted the following analysis.
Event Analysis
This incident was mainly caused by attackers Directly call the withdraw function of the Orbit Chain: Bridge contract to transfer the assets.
By further analyzing the code of the withdraw function, we can find that this function uses a method of verifying signatures to ensure the security and legality of lending.
In blockchain transactions, verifying signatures is a common security mechanism to confirm whether the initiator of the transaction has sufficient authority and control. In the withdraw function, by verifying the signature, it can be ensured that only authorized users or contracts can successfully call the function and transfer assets.
After entering the signature verification function (_validate), we can observe that the function returns the number of owner signatures. This information is crucial to verify the legality and security of the transaction.
By returning the number of owner signatures, the compliance and authenticity of the transaction can be verified to a certain extent. Depending on the implementation, the number of owner signatures may be compared to a preset threshold to determine whether the conditions for executing the transaction are met.
Then it is determined whether the quantity is greater than or equal to required, and if the conditions are met, the loan will be made.
It can be known from the data on the chain that the owner who manages the contract has a total of 10 addresses. The required value is 7, which means that in order to withdraw assets, 70% of administrators need to sign the withdrawal transaction.
In summary, the cause of the incident tends to be that the server that saves the administrator's private key was deceived and attacked.
Attack process
According to on-chain data,hackers have successively launched attacks on the Orbit_Chain project as early as 2023-12-30 03:39:35 PM +UTC Attack, the amount of ETH stolen by the hacker is relatively small, and the stolen ETH is sent to several other hacker addresses as transaction fees.
Several other hacker addresses successively attacked DAI, WBTC, ETH, USDC, and USDT of the Orbit_Chain project at 2023-12-31 9:00 PM +UTC.
Fund Tracking
As of press time, stolen The fund transfer situation is shown in the figure below. After the hacker officially launched the attack, the stolen funds were transferred to the above five addresses. In five separate transactions, each sent to a new wallet, Orbit Bridge sent $50 million in stablecoins (30 million Tether, 10 million DAI, and 10 million USDC), 231 wBTC (approximately 10 million US dollars) and 9500 ETH (approximately 21.5 million US dollars).
Beosin Trace tracking fund flow chart
This cross-chain bridge security incident It once again gives us security inspiration and reminds us that security should always be the primary consideration when designing and implementing blockchain systems.
First of all, we need to pay attention to the security of the code. Contract code is a core component of a blockchain system,so when writing and reviewing contract code, best practices and security standards should be followed to avoid common security vulnerabilities and attack vectors.
Secondly, authentication and identity verification are crucial. In a blockchain system, ensuring that only authorized users or contracts can perform critical operations is key to preventing unauthorized access and asset loss. Adopting measures such as strong authentication mechanisms, multi-signatures, and rights management can effectively limit access rights and ensure that only authorized entities can perform sensitive operations.
The old version of USDD took advantage of LUNA’s popularity and lied about “over-collateralization”. What are the problems with version 2.0?
JinseFinanceSpaceCoin XYZ has launched its first satellite, initiating an ambitious plan to build an extraterrestrial decentralised infrastructure network with up to ten satellites by 2025.
KikyoDon’t blame memes if VC coins can’t go up, and don’t blame memes if the bull market “ends early”. This is a natural correction that the market must go through.
JinseFinanceBase is born with good fortune, and TVL can keep rising even if there is no expectation of currency issuance. However, what cannot be ignored is the operating logic of Base.
JinseFinanceFebruary 2024 Public Chain Development Report: Explore the surge in cryptocurrency, the rise of DeFi, the progress of Layer 2, and more.
JinseFinanceHalving is one of Bitcoin’s most successful memes. Its simplicity is stunning, its aesthetics mesmerizing, its candidness contemptuous, and its power surprising.
JinseFinanceOrbit Chain's recent hack resulted in an $80 million loss due to a compromised private key. This incident underscores the broader issue of private key vulnerabilities in the blockchain space. The article explores the breakdown of stolen funds, efforts to freeze assets, and the historical context of security breaches linked to Ozys projects.
BerniceThe Orbit Bridge exploit presents a significant challenge for Klaytn, prompting immediate action and highlighting the need for enhanced security measures in blockchain ecosystems.
KikyoDogecoin is recording increases on its daily and weekly charts, gaining 10.96% in the past 24 hours and 11.55% compared to seven days ago, according to the data retrieved by Finbold on October 26.
FinboldEthereum Classic is a relatively smaller PoW chain compared to Ethereum in terms of usage and hash rate.
Cointelegraph