‌Orbit Bridge is an interchain communication protocol (IBC) that allows communication between blockchains. On January 1, 2024, Orbit Chain lost $81 million after hackers exploited the platform's cross-chain bridge. The initial loss for Orbit was approximately $81.5 million, which included $30 million in USDT, $10 million in USDC, $10 million in DAI, 230.879 WBTC, and 9,500 ETH. The exploiter began the attack by funding with 10 ETH from Tornado Cash and then transferred these funds through the intermediary address 0x70462bfb204bf3ccb0560f259072f8e3a85b3512. ^[10] [11] ^[1]

Overview

Orbit Bridge was launched in October 2020, by a blockchain company based in Korea called Ozys. Orbit Bridge is a IBC in the Orbit Chain ecosystem to connect various chains and cryptocurrencies. The IBC protocol allows for decentralized verification of transactions, enabling reliable and secure movement of assets across different blockchains. ^[1][2]

By providing a hub for heterogeneous chains, Orbit Chain has created an ecosystem where assets from different chains can be used on a single decentralized platform. This has enabled the development of various decentralized finance (DeFi) protocols, including a decentralized exchange (DEX) protocol for asset exchange, a lending and borrowing protocol, and a staking-as-a-service protocol. ^[3]

Orbit Chain's IBC technology aims to address the fragmentation of the blockchain ecosystem by providing flexible and seamless usability to users of a wide range of public chains. With the development of its new Orbit Bridge IBC protocol, Orbit Chain is further upgrading their services by enabling the decentralized, free movement of assets between different chains. ^[3]

Infrastructure

Orbit Bridge achieves complete decentralization by transparently managing the consensus process without forming any components off-chain. Orbit Bridge uses a multi-sig based transaction consensus method, with Governance groups consisting of Operators and Validators. The Operators relay necessary information for the actual operation, while the Validators verify transactions generated by each chain to reach consensus. As the consensus and validation processes occur through transactions on Orbit Chain, they are transparent and trustless. Validators use a separate private channel and blockchain without central authority to complete their tasks. ^[4]

Bridge Validator

The Bridge Validator is responsible for verifying transactions and information based on the governance group it operates under. It checks the data passed to OrbitHub or BridgeContract against the transaction object data, which includes transaction hash, block number, method, parameter, memo, and more to ensure they match. ^[5]

For transactions with Vaults and Minters, the Validator checks the relayed data by the operator and the event data in the transaction to confirm that they are the same. A consensus process is used to verify the execution of transactions to each destination chain. Tendermint affiliates require consensus before signing transactions of fee and sequence information. ^[6]

The Validator also uses a verification hash to prevent double spending and Swap & RequestSwap Hash for executing Minting or Release. It subscribes to OrbitChain's new block and detects SwapRelay events. It supports Ethereum, Klaytn, and ICON chains and has pre-defined launch-governance settings. ^[6]

Terra Transactions

The Validator checks if tokens are being minted or released in Terra transactions by comparing the transaction data with SwapRelay event data. It filters messages with the message type bank/MsgSend and ensures that the token denom and amount of token in the filtered message match the event data. Additionally, the Validator validates TransactionSuggested and TransactionSelected events, verifies the vault's funds, checks the gas and fee estimates of the suggestion, creates a hash to verify the suggestion's sequence, and verifies the release of tokens to the Terra address. ^[6]

Bridge Operator

The Bridge Operator manages various tasks that are necessary for interconnecting multiple chains. They continuously monitor and manage the tasks of each chain. One of their responsibilities is to relay transaction information for Vaults and Minters to the Orbit Chain's Orbit Hub. This information includes details such as transaction hash, method, event, memo, etc. The Bridge Operator facilitates the building of a multiple signature wallet transaction in each bridge contract by relaying process information. They also suggest transaction objects for each chain specification (sequence format, transaction fee situation, etc.) and support successful consensus. Finally, the Bridge Operator executes the agreed transactions on each chain via the Orbit Chain, where the Validator signs the transaction based on the completed transaction information, allowing it to run on each chain. ^[7]

Governance

Orbit Bridge implements governance on each chain based on their respective vault. The Origin Chain's vault is created with a Multi-Sig wallet, which means that no assets can be moved without governance consensus. Governance has mint/burn/execute permissions on the Destination chain. A pair of the destination chain to bridge must be registered, and depending on the specification of each chain, governance consensus may differ in the same governance. ^[8]

OrbitHub

The built-in functions are used to manage the Bridge Contract, which is responsible for facilitating communication between different blockchain networks. The "addBridgeInfo" function saves important data related to the Bridge Contract, such as the Multi-Sig Wallet, Nonce, and Sequence. The "removeBridgeInfo" function deletes data stored in the Bridge Contract, and the "changeHubMig" and "changeBridgeMig" functions are used to replace the Multi-Sig Wallets registered in the Orbit Hub Contract and Bridge Contract, respectively. ^[8]

Minter

The Minter governance function provides several built-in functions to control the Minter, which is responsible for creating new tokens. The "changeActivate" function enables the governance of the Minter function and ensures that it functions properly. The "setValidChain" function ensures that requests to create new tokens are only accepted from bridging-capable chains. The "addToken" function maps tokens that can be minted when bridging is executed, and the "setBridgingFee" function sets the fee amount for executing a bridging transaction. The "setFeeGovernance" function sets the fee governance, which determines how fees are managed. ^[8]

Vault

The Vault governance function provides several built-in functions to control the Vault, which is responsible for storing and managing assets. The "changeActivate" function controls the Vault function and ensures that it is functioning properly. The "setValidChain" function ensures that requests to manage assets are only accepted from bridging-capable chains. The "setBridgingFee" function sets the fee amount for executing a bridging transaction, and the "setFeeGovernance" function sets the fee governance, which determines how fees are managed. All functions must be executed through Vault's own SubmitTransaction/ConfirmTransaction logic. ^[8]

Orbit Bridge 3.0

On October 28, 2022, the Orbit Chain community announced the release of Orbit Bridge version 3.0. The updated version focuses on the front-end structure and user interface and user experience (UI/UX), the addition of dark mode, and the integration of BitKeep wallet as new wallet support. ^[9]

Front-end Structure & UI/UX Improvements

The update includes common processing for EVM-based blockchains, which enables quick response time when integrating new blockchains, sophisticated error handling to solve existing problems, responsive UI implementation for all devices, and an automatic recipient address input function. The visibility of inactive buttons such as "Connect Wallet" and "CONVERT NOW" has been improved. The $ORC "BUY ORC" box has been changed to a rolling banner form with added multiple ORC-supported exchanges. The non-EVM network bridge controller screen has been improved. ^[9]

Dark Mode

Orbit Bridge now supports Dark Mode. Users can click/touch the crescent-shaped icon at the top right of the main screen, which changes the Orbit Bridge screen to dark mode. ^[9]

BitKeep

Orbit Bridge now supports BitKeep, a digital wallet that supports various mainnets and protocols such as Bitcoin, Ethereum, and Solana. BitKeep has more than 6 million subscribers in 168 countries worldwide and is one of the most loved decentralized wallets in 2020. ^[9]

Partnerships

• AhnLab
• Celo
• DappRadar
• DSRV
• Hexlant
• Klaytn
• Metadium
• Multichain
• Node A-Team
• Netmarble
• Polygon
• Ripple
• Stacks
• Swapscanner
• Theori
• TON Foundation
• Wemix

Team

• Jake Lee: Founder of Ozys and Chairman
• Roi Choi: Chief Executive Officer
• Kisung Choi: Chief Financial Officer
• Jongsic Choi: Chief Technology Officer
• Kyungsoo Ra: Chief Operating Officer
• Kewwon Park: Chief Business Officer
• Hyeongyu Kim: Chief Marketing Officer

Orbit Chain Loses $81M in Bridge Exploit

On January 1, 2024, Orbit Chain lost $81 million after hackers exploited the platform's cross-chain bridge. ^[11]

The platform confirmed the hack in a post on X, saying a hacker funded a wallet using sanctioned privacy protocol Tornado Cash before attacking Orbit Chain's Ethereum (ETH) vault. Proceeds of the hack were then sent to numerous Ethereum wallets. These wallets currently hold 26,741.6 ETH ($64 million) and around $18 million of the dai (DAI) stablecoin. ^[11]

Orbit Chain added that the funds are "unmoved.":

"As of now, the stolen assets remain unmoved. Our team is constantly monitoring the stolen asset, and we promise to inform the community once the address associated with the stolen asset has taken action."^[12]

The Orbit Chain team has developed a system for investigation support and cause analysis with the Korean National Police Agency and KISA (Korea Internet & Security Agency), to enable a more proactive and comprehensive investigation approach to the exploit. The team also partnered with the Klaytn Foundation to formulate a viable recovery plan. ^[13][14]