Orbit Bridge
HackedInfrastructure · born 2020 · ✝ 2024
A Korean cross-chain bridge drained for $81M on New Year's Eve.
Orbit Bridge was a cross-chain bridge operated by Ozys, enabling asset transfers across Ethereum, BNB Chain, Polygon, and others. On December 31, 2023 (KST into 2024), attackers compromised validator keys and minted unauthorized wrapped tokens.
- Peak
- ~$81M stolen
- Cause
- Hacked
- Year of death
- 2024
☠️ Cause of death
Compromised validator keys let attackers forge cross-chain messages and mint unbacked wrapped assets on destination chains. The bridge halted operations and the incident rippled through protocols that relied on Orbit-issued tokens.
📓 Lessons left behind
- —Bridge security reduces to who controls the validator set.
- —Wrapped tokens are only as trustworthy as the bridge minting them.
- —Holiday timing is a feature for attackers, not a coincidence.
🌱 The idea that survived
Light-client & ZK bridges
Trust-minimized bridging (ZK light clients, canonical L2 bridges) gained share as multisig validator bridges kept getting keyed.
#bridge#cross-chain#validator#korea