Orbit Bridge Hack — December 31, 2023
What Happened
On New Year's Eve 2023, attackers drained Orbit Chain's ETH Vault on Orbit Bridge of $81.54M in stablecoins, WBTC, and ETH. It was the first major hack of 2024.
Root Cause: 7-of-10 Multisig Signer Compromise
• According to researcher officer_cia, the attacker obtained access to 7 of the 10 multisig signers simultaneously
• Despite the multisig being in place, all keys appear to have been stored on the same system or behind the same password, which provides no real isolation
• Possibly a single employee had access to all keys and was the social-engineering target
• Pattern consistent with Lazarus Group spear-phishing operations
Stolen Assets
• $30M USDT
• $10M USDC
• $10M DAI
• ~231 WBTC (~$10M)
• ~9,500 ETH (~$21.5M)
Attribution
Some experts linked the incident to Lazarus Group (DPRK). The pattern — social engineering of multisig signers, specifically Telegram/email-based contractor impersonation — matches later Radiant Capital ($53M Oct 2024) and Drift Trade ($285M Apr 2026) attacks attributed to UNC4736 / DPRK Reconnaissance General Bureau.
Aftermath
• Orbit Chain offered a bounty for the return of the funds
• Funds were laundered through Tornado Cash / cross-chain bridges
• Highlighted the systemic risk of multisig signer key management — multisig is only as secure as its key isolation
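The key-isolation point above, and the shared-storage scenario in the root-cause section, can be checked mechanically. The following is an added example, not code from Orbit Chain or the researchers cited: it computes the smallest number of shared failure domains (hosts, custodians) whose compromise exposes enough signer keys to meet the threshold. Signer names, domain labels and both layouts are constructed for illustration.

```python
from itertools import combinations

def effective_threshold(signers, threshold):
    """Smallest set of failure domains whose compromise exposes >= threshold keys.

    signers maps signer name -> set of failure-domain labels (host, custodian,
    password vault). A key counts as exposed if ANY of its domains is compromised.
    Returns (k, domains), or None if the threshold cannot be reached.
    Brute force is adequate at multisig sizes (tens of domains).
    """
    domains = sorted(set().union(*signers.values()))
    for k in range(1, len(domains) + 1):
        for combo in combinations(domains, k):
            hit = set(combo)
            exposed = sum(1 for doms in signers.values() if doms & hit)
            if exposed >= threshold:
                return k, combo
    return None

def audit(signers, threshold):
    """Return a finding string comparing nominal and effective thresholds."""
    result = effective_threshold(signers, threshold)
    if result is None:
        return "threshold unreachable: check signer inventory"
    k, combo = result
    status = "OK" if k >= threshold else "WEAK"
    return (f"{status}: nominal {threshold}-of-{len(signers)}, "
            f"effective {k} ({', '.join(combo)})")

# Constructed layouts (hypothetical names), both nominally 7-of-10.
# SHARED: seven keys sit on one host behind one custodian (the shared-storage case).
SHARED = {f"signer{i}": {"host:ops-01", "person:employee-a"} for i in range(1, 8)}
SHARED.update({f"signer{i}": {f"host:h{i}", f"person:p{i}"} for i in range(8, 11)})
# ISOLATED: every key has its own host and its own custodian.
ISOLATED = {f"signer{i}": {f"host:h{i}", f"person:p{i}"} for i in range(1, 11)}

if __name__ == "__main__":
    print(audit(SHARED, 7))
    print(audit(ISOLATED, 7))
```

Feed it a real signer inventory by listing, for each key, every system and person that can reach it; any result below the nominal threshold marks the domains to separate first.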