Orbit Chain exploiter moves $48 million through Tornado Cash after months of post-hack dormancy
![](https://www.tbstat.com/cdn-cgi/image/format=webp,q=40/wp/uploads/2022/08/20220808_Tornado-Cash-1200x675.jpg)
Quick Take
- The person or group behind the $82 million hack of cross-chain bridge Orbit Chain in December has emerged from dormancy to move about $48 million in funds through Tornado Cash, as noted by Arkham Intelligence.
![](https://www.tbstat.com/cdn-cgi/image/format=webp,q=50/wp/uploads/2025/01/Ripple-BlockAds-Mobile_300x250_Island-1.gif)
![](https://www.tbstat.com/cdn-cgi/image/format=webp,q=40/wp/uploads/2022/08/20220808_Tornado-Cash-1200x675.jpg)
In the final hours of 2023, cross-chain bridge Orbit Chain, which holds strong ties to the Klaytn ecosystem, suffered a hack that drained $81.5 million from the protocol across several transactions.
Following the exploit, the funds remained unmoved until Saturday, at which point the individual or organization responsible for the hack began to move about $48 million to Ethereum-based crypto mixing service Tornado Cash, as noted by Arkham Intelligence on X.
It is unclear what motivated the hacker's return from dormancy. Orbit Chain, which has recently begun to resume offering certain bridging services following the exploit, noted in an announcement that the funds had been moved.
"Our team is currently working closely with relevant authorities to swiftly track the stolen assets and take necessary measures accordingly," the protocol wrote in an announcement posted to its Telegram channel.
The hacker moved about $48 million to a new wallet before sending the funds to Tornado Cash, blockchain data shows. The hacker remains in control of about $71 million in ether and DAI stablecoins due to the assets' appreciation in price since the attack took place.
Orbit Chain has yet to offer a definitive explanation for the hack, though the protocol has stated that the incident, to its knowledge, "...did not result from a vulnerability in the Orbit Bridge smart contract or the theft of a validator key." In a blog post, Orbit Chain pointed to surreptitious actions taken by the protocol's former chief information security officer as a possible explanation for the attack. "It has come as a great shock to our employees, and we are currently taking the necessary civil and criminal measures," the protocol wrote.
Orbit Chain, which promised to share further updates with the community, was unable to be immediately reached for comment by The Block.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2024 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.