DMR News

Advancing Digital Conversations

Orbit Chain Hacker Transfers $48M to Tornado Cash After Months of Dormancy

ByDayne Lee

Jun 10, 2024

Orbit Chain Hacker Transfers $48M to Tornado Cash After Months of Dormancy

In a significant development, the hacker behind the $82 million Orbit Chain exploit has resurfaced after five months of inactivity, transferring a substantial portion of the stolen funds to the cryptocurrency privacy mixer Tornado Cash. This move has reignited concerns and discussions within the cryptocurrency community about the effectiveness of privacy tools in aiding illicit activities.

The Recent Movement of Funds

On June 8, blockchain analytics firm Arkham Intelligence reported that the exploiter moved a total of 12,932 Ether (ETH), valued at approximately $47.7 million, across seven separate transactions to a new address. These funds were subsequently sent to Tornado Cash, a platform known for its ability to obfuscate the origins of cryptocurrency transactions.

Arkham Intelligence, which was among the first to identify this transfer, noted in a post on X:

“They stole over $100M in ETH and DAI from Orbit Chain 5 months ago and have been silent since.”

DateActionDetails
June 8, 2024Movement of Funds12,932 ETH ($47.7 million) transferred to Tornado Cash
Initial Theft$100 million stolen from Orbit ChainETH and DAI were the primary assets stolen
DetectionReported by Arkham IntelligenceArkham was among the first to spot the activity

While initial reports estimated the losses from the Orbit Chain hack at $82 million, Arkham’s recent analysis suggests the actual figure is closer to $100 million. This discrepancy highlights the ongoing challenges in accurately assessing the full impact of such cyberattacks.

Despite the recent movement of Ethereum, the hacker has not yet transferred the $20 million in Dai (DAI) or any other assets stolen during the exploit. The hacker’s current holdings include $71.2 million in various cryptocurrencies, with $51.1 million in Ether and smaller amounts in wrapped Bitcoin (wBTC), wrapped Ether (wETH), Orbit Chain (ORC), and USD Coin (USDC).

AssetAmountValue
Ether (ETH)51.1 million USD51.1 million USD
Dai (DAI)20 million USD20 million USD
Other CryptosSmall amounts of wBTC, wETH, ORC, USDCRemaining assets include various tokens

The Timeline of the Hack

The attack on Orbit Chain occurred on December 31, 2023, just before the New Year, around 8:52 pm UTC. The exploit was confirmed by Orbit Chain the next day, and the project quickly began collaborating with international law enforcement agencies to track down the perpetrator and recover the stolen assets.

On January 11, Orbit Chain announced a bounty for information leading to the hacker’s identification or the recovery of the stolen funds. The bounty offered was up to $8 million, reflecting the severity and impact of the breach.

EventDateDetails
Hack OccurredDecember 31, 2023$100 million stolen in ETH and DAI
ConfirmationJanuary 1, 2024Orbit Chain confirmed the exploit
Bounty OfferedJanuary 11, 2024Up to $8 million for decisive intelligence

The hack had a significant impact on Orbit Chain’s ecosystem. Before the attack, the protocol had nearly $149.25 million in total value locked (TVL). This figure has since plummeted by over 75%, with the current TVL standing at approximately $37 million, according to DefiLlama. At its peak in August 2022, the protocol boasted $313 million in TVL, underscoring the dramatic effect the hack has had on its financial health and user confidence.

MetricValue Before HackCurrent Value
Total Value Locked (TVL)$149.25 million (Dec. 2023)$37 million (current)
Peak TVL$313 million (August 2022)N/A

The Role of Tornado Cash

Tornado Cash has been a focal point in discussions about cryptocurrency privacy and security. The platform allows users to mix their transactions with others, making it difficult to trace the original sources of funds. This feature, while valuable for privacy-conscious users, has also made it a tool for those looking to launder stolen cryptocurrencies.

In the case of the Orbit Chain hack, the use of Tornado Cash has complicated efforts to track and recover the stolen funds. The ETH was sent through Tornado Cash in batches of 100 ETH, a method designed to further obscure the trail.

PlatformFunctionUse in Hack
Tornado CashCryptocurrency mixerUsed to obscure $47.7 million in ETH
Transaction MethodBatches of 100 ETHStrategy to obfuscate fund origins

The Orbit Chain exploit is part of a broader trend of increasing cryptocurrency hacks. In the first quarter of 2024 alone, hackers stole $542.7 million worth of cryptocurrencies, marking a 42% increase compared to the same period in 2023. Interestingly, while overall thefts have risen, the amount stolen from smart contract hacks has significantly decreased — from a staggering $2.6 billion in 2022 to $179 million in 2023.

YearTotal Crypto StolenSmart Contract Hacks
2022$2.6 billion (smart contracts)$2.6 billion
2023$179 million (smart contracts)$179 million
Q1 2024$542.7 million (overall)N/A

The recent movement of funds by the Orbit Chain hacker underscores the ongoing challenges in securing and recovering stolen assets within the cryptocurrency space. As the industry continues to grow, the balance between enabling user privacy and preventing illicit activities remains a critical issue. The use of privacy mixers like Tornado Cash highlights the need for robust security measures and regulatory frameworks to protect the integrity of blockchain networks.


Featured image credit: Christoph Scholz via Flickr

Dayne Lee

With a foundation in financial day trading, I transitioned to my current role as an editor, where I prioritize accuracy and reader engagement in our content. I excel in collaborating with writers to ensure top-quality news coverage. This shift from finance to journalism has been both challenging and rewarding, driving my commitment to editorial excellence.

Leave a Reply

Your email address will not be published. Required fields are marked *