Orbit Chain Bridge Exploit

In the early hours of January 1, 2024 — UTC — Korea's Orbit Chain cross-chain bridge was drained for roughly $82 million in stablecoins and wrapped assets. It was the first major incident of the year and a continuation of the multi-year run of bridge compromises that started with Ronin and Wormhole in 2022.

What happened

Orbit Chain's bridge between Ethereum and Klaytn was secured by a multi-signature scheme in which a quorum of operator-held signing keys had to authorise each cross-chain withdrawal. The attacker obtained access to seven of ten signing keys — enough to issue valid withdrawal proofs for any asset held in the bridge contracts.

With the keys in hand, the attacker drained the bridge's reserves of USDT, USDC, ETH, WBTC and DAI in a sequence of withdrawals on Ethereum, then converted and moved the funds through standard laundering paths.

Aftermath

• Orbit Chain paused the bridge and offered a 10% white-hat bounty for the return of funds, which went unanswered.
• Korean law-enforcement opened an investigation; no public attribution has been issued.
• A small portion of funds was frozen by exchanges during laundering; the bulk remained at the attacker's addresses.

Why it matters

Orbit was a continuation of the lesson from Ronin: a bridge secured by an N-of-M multi-sig of operator keys is exactly as secure as the worst-managed of those keys. The industry response — committee-based attestation with explicit slashing (e.g. Across, LayerZero v2), or replacement of attestation with single-canonical-execution models — was already underway by the time Orbit happened, and accelerated after.