The Orbit Chain hacker, who stole funds in 2023, transferred 12,932 Ether (valued at $47.7 million) to Tornado Cash on June 8, after a five-month dormancy.
Arkham Intelligence reports that the perpetrator moved the funds through seven transactions over two days to a new address, which was then sent to Tornado Cash.
Tornado Cash is a privacy-focused decentralized application (DApp) that lets users privately transfer Ether by breaking the on-chain link between the sender and receiver. Previously, it has been used by hackers on multiple occasions.
ORBIT CHAIN HACKER MOVES $48M THROUGH TORNADO CASH
The hacker responsible for the $81.5M Orbit Chain exploit in late 2023 has recently transferred $48M of the stolen funds to Tornado Cash.
This is the first time the hacker has moved the funds since the breach, according to… pic.twitter.com/utdQYJqlSa
— Mario Nawfal’s Roundtable (@RoundtableSpace) June 10, 2024
According to Etherscan data, the stolen Ether was sent to Tornado Cash in batches of 100 ETH per transaction, which suggests a deliberate effort to legitimize the source of funds before converting and transferring them to an off-ramp exchange.
The hacker’s cryptocurrency balance is $70.8 million (due to the recent price surge). This balance comprises $50.83 million in Ether, $20 million worth of DAI, $21.54K worth of USDT, and small holdings in other altcoins.
The Orbit Chain hacker’s resurgence coincides with the platform’s decision to resume certain bridging services, which were shut down following the exploit.
Meanwhile, in the wake of the hacker’s recent move, Orbit Chain announced via its official Telegram channel that the platform is now collaborating with law enforcement authorities to track the stolen assets and hold the perpetrators accountable
Insights into Orbit Chain Hacker Attack
In December 2023, hackers launched a successful attack on Orbit Bridge, stealing $81.68 million, marking it as one of the largest crypto breaches of the year.
🚨Urgent🚨
Dear Orbit Bridge Users,
An unidentified access to Orbit Bridge, a decentralized Cross-chain protocol, was confirmed on Dec-31-2023 08:52:47 PM +UTC.
Further information regarding the issue will be updated.
— Orbit Chain (@Orbit_Chain) January 1, 2024
The hackers conducted five separate transactions, moving $30 million in Tether, $10 million in USD Coin, $21.7 million in Ether, $9.8 million in Wrapped Bitcoin (WBTC), and $10 million in Dai to new wallets.
While no one has been charged since the incident, theories from an “ETHSecurity Community” suggest it could have been the result of an exploit in the validator code.
A validator code exploit is a vulnerability in the code used by validators in a blockchain network that allows attackers to manipulate the system and execute unauthorized transactions.