- Topic
67k Popularity
41k Popularity
34k Popularity
17k Popularity
75k Popularity
- Pin
- 🎉 The #CandyDrop Futures Challenge# is live — join now to share a 6 BTC prize pool!
📢 Post your futures trading experience on Gate Square with the event hashtag — $25 × 20 rewards are waiting!
🎁 $500 in futures trial vouchers up for grabs — 20 standout posts will win!
📅 Event Period: August 1, 2025, 15:00 – August 15, 2025, 19:00 (UTC+8)
👉 Event Link: https://www.gate.com/candy-drop/detail/BTC-98
Dare to trade. Dare to win. - 📢 Gate Square Exclusive: #WXTM Creative Contest# Is Now Live!
Celebrate CandyDrop Round 59 featuring MinoTari (WXTM) — compete for a 70,000 WXTM prize pool!
🎯 About MinoTari (WXTM)
Tari is a Rust-based blockchain protocol centered around digital assets.
It empowers creators to build new types of digital experiences and narratives.
With Tari, digitally scarce assets—like collectibles or in-game items—unlock new business opportunities for creators.
🎨 Event Period:
Aug 7, 2025, 09:00 – Aug 12, 2025, 16:00 (UTC)
📌 How to Participate:
Post original content on Gate Square related to WXTM or its
Orbit Chain cross-chain bridges were attacked, resulting in losses of up to 80 million USD.
Orbit Chain cross-chain bridges attacked, with losses of approximately $80 million
On January 1, 2024, a major blockchain security incident occurred. According to monitoring data from a security risk platform, the cross-chain bridges project Orbit Chain was attacked, resulting in losses of approximately $80 million. The security team analyzed that the attacker had begun small-scale probing attacks a day earlier and used stolen ETH as the source of transaction fees for the subsequent large-scale attack.
Orbit Chain is a cross-chain platform that allows users to use various cryptocurrency assets across different blockchains. Currently, the project team has suspended the operation of the cross-chain bridges contract and is trying to contact the attacker.
Attack Analysis
The core of this incident lies in the fact that the attacker directly called the withdraw function in the Orbit Chain cross-chain bridges contract to transfer assets out. A deeper analysis of the withdraw function's code reveals that this function employs a signature verification mechanism to ensure the legality of the disbursement.
In blockchain transactions, signature verification is a commonly used security measure to confirm the authority of the transaction initiator. The withdraw function ensures that only authorized users or contracts can successfully invoke it and carry out asset transfers by verifying the signature.
The signature verification function (_validate) returns the number of owner signatures, which is crucial for verifying the legality of a transaction. The system will compare the returned number of signatures with a preset threshold to determine whether the conditions for executing the transaction are met.
On-chain data shows that there are 10 addresses managing the contract, with a required value of 7, meaning 70% of the administrators need to sign off to withdraw assets. A comprehensive analysis indicates that this incident is likely due to the server storing the administrator's private keys being subjected to a spoofing attack.
Attack Process
According to on-chain data, the attacker launched a small-scale attack on Orbit Chain at 15:39:35 (UTC) on December 30, 2023, stealing a small amount of ETH and distributing it to other attack addresses as transaction fees.
Subsequently, on December 31, 2023, at 21:00 (UTC), multiple attack addresses began large-scale attacks on assets such as DAI, WBTC, ETH, USDC, and USDT of the Orbit Chain project.
Capital Flow
As of the report time, the transfer of the stolen funds is as follows: the attacker transferred the funds to five new wallet addresses in five separate transactions. Specifically, they include:
Security Insights
This cross-chain bridges security incident once again highlights the importance of security in blockchain systems. When designing and implementing blockchain systems, we should focus on the following aspects:
Code Security: As the core of blockchain systems, contract code writing and review processes must strictly adhere to security best practices to avoid common vulnerabilities and attack risks.
Authentication: Ensuring that only authorized users or contracts can perform critical operations is key to preventing unauthorized access and asset loss. Strong authentication mechanisms, multi-signature, and strict permission management should be adopted.
Continuous Monitoring: Establish a real-time monitoring system to promptly detect and respond to abnormal activities, which can greatly reduce the potential losses caused by attacks.
Multiple Protections: Utilizing a multi-layer security architecture, such as the separation of hot and cold wallets and multi-signature mechanisms, can provide an additional layer of protection for assets.
Regular Audits: Conduct regular security audits and vulnerability assessments of the system to promptly identify and fix potential security risks.
By implementing these security measures, the overall security of the blockchain system can be significantly improved, reducing the risk of similar attack incidents.