📢 Gate Square #MBG Posting Challenge# is Live— Post for MBG Rewards!
Want a share of 1,000 MBG? Get involved now—show your insights and real participation to become an MBG promoter!
💰 20 top posts will each win 50 MBG!
How to Participate:
1️⃣ Research the MBG project
Share your in-depth views on MBG’s fundamentals, community governance, development goals, and tokenomics, etc.
2️⃣ Join and share your real experience
Take part in MBG activities (CandyDrop, Launchpool, or spot trading), and post your screenshots, earnings, or step-by-step tutorials. Content can include profits, beginner-friendl
Orbit Chain cross-chain bridges attacked, resulting in losses of approximately 80 million USD.
Orbit Chain project suffers an attack, resulting in a loss of approximately 80 million USD
At the beginning of the New Year 2024, the cross-chain bridge platform Orbit Chain encountered a major security incident, with losses amounting to approximately $80 million. According to the security monitoring platform, the attackers had already begun small-scale probing a day earlier and used the stolen ETH to fund subsequent large-scale attacks.
Currently, the project party has suspended the operation of the cross-chain bridge contract and is attempting to communicate with the attacker. Security experts have conducted an in-depth analysis of the incident, revealing the specific methods of the attack and the flow of funds.
Attack Method Analysis
Attackers primarily transfer assets by directly calling the withdraw function of the Orbit Chain bridging contract. This function employs a signature verification mechanism to ensure the legality of withdrawals. Further analysis reveals that the contract requires at least 70% of the administrators (i.e., 7 out of 10 administrators) to sign the withdrawal transaction in order to execute it.
Experts speculate that this incident is likely due to the server storing the administrator's private key being subjected to a phishing attack. This highlights the importance of properly safeguarding private keys within a multi-signature mechanism.
Attack Timeline
Flow of Stolen Funds
The attacker will disperse the stolen funds to 5 different addresses:
Security Insights
This event reminds us once again that security should always be the top priority when designing and implementing blockchain systems. Specific recommendations include:
In today's rapidly developing decentralized finance landscape, both project teams and users should remain vigilant at all times, prioritizing security to jointly maintain the healthy development of the blockchain ecosystem.