Cryptohack Roundup: Orbit Chain's $81M New Year's Eve HackAlso: Crypto Hack Losses in 2023 Decreased by Over 50%
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. This week, Orbit Chain lost $81 million in a New Year's Eve hack, Indonesian police shuttered Bitcoin mining operations, dYdX named its attacker, $324,000 users fell victim to 2023 crypto phishing scams, Singapore's prime minister had a deepfake problem, and 2023 crypto losses decreased by over 50%.
New Year's Eve Hack Costs Orbit Chain $81M
Orbit Chain, a cross-chain bridge platform, confirmed an unauthorized breach of its ecosystem on Dec. 31 that resulted in the compromise of millions of dollars in cryptocurrency. Initial estimates by blockchain analytics platform Arkham Intelligence revealed losses amounting to $81.68 million in various cryptocurrencies.
Orbit Chain cautioned users against falling for scam reimbursement offers circulating on social media. Users have expressed concerns on social platforms, requesting transaction cancellations and fund recovery. While the platform is engaging with law enforcement, it has yet to publicly respond to user inquiries.
The breach prompted Orbit Chain to conduct a comprehensive analysis of the incident with cybersecurity startup Theori. The platform is also collaborating with international law enforcement agencies, including the Korean National Police Agency and Korea Internet & Security Agency.
The company urged global cryptocurrency exchanges to freeze the stolen assets and is exploring the possibility that the attack originated from North Korean hackers. North Korea's government has been linked to numerous significant crypto thefts in recent years. Orbit Chain said it would use all available methods to track down the hackers and recover the funds.
Indonesian Police Shutter 10 Bitcoin Mining Operations
Indonesian police authorities shuttered 10 bitcoin mining operations, accusing the organizers of stealing nearly $1 million worth of electricity. The North Sumatra Police Force took action against a multi-site bitcoin mining operation across 10 locations in Indonesia, according to a recent report, and seized 1,134 bitcoin mining machines.
North Sumatra Police Chief Agung Setya Imam Effendi claimed that the organizers of this scheme had manipulated electrical circuits to power the significant number of bitcoin mining machines. p>
The total loss from these 10 instances of theft is estimated to be 14.4 billion Indonesian rupiahs, or approximately $935,666.
DeFi Exchange dYdX Names Attacker in November Hack
In November, dYdX decentralized exchange experienced a "targeted attack" on its v3 platform, resulting in a $9 million loss, or 40%, of its insurance fund. Investigative efforts have identified the attacker, and dYdX is currently in contact with law enforcement, exploring legal actions against them.
The attacker opened a significant amount of 5x leveraged long positions in YFI-USD across over 100 wallets, using different addresses to purchase spot YFI tokens and inflate their price by 215%. The attacker then leveraged unrealized profits into YFI-USD positions, reaching approximately $50 million.
To counter this, on Nov. 17, dYdX adjusted market parameters, increasing the YFI-USD market's initial margin requirement and reducing base and incremental position sizes to restrict the attacker. Despite these measures, the following day, YFI's price plummeted nearly 30%, causing the attacker to fail in closing positions, and the insurance fund automatically compensated for their losses.
One week before the YFI incident, the attacker had used a similar strategy on SUSHI, withdrawing $5 million in profits. But dYdX's proactive measures, including a 100% initial margin requirement, prevented any impact on the v3 insurance fund in that case.
Crypto Phishers Stole $300M From 324,000 Victims in 2023
In 2023, more than 324,000 cryptocurrency users fell victim to phishing scams, resulting in a staggering loss of approximately $295 million in digital assets to wallet drainers, according to a report from blockchain security platform Scam Sniffer.
The report showed persistent growth in phishing activities throughout the year. Even when drainers shut down, Scam Sniffer said, "phishing gangs" seamlessly transitioned to alternative platforms, indicating no lack of services for scammers. The infamous Monkey Drainer, responsible for significant phishing exploits, closed its operations on March 2, but it recommended another scam service before doing so and estimated it had stolen around $16 million. After pilfering approximately $81 million, Inferno Drainer, shut down in 2023 and handed the baton to Angel Drainer.
Scam Sniffer also analyzed how phishing sites generate traffic, revealing methods such as hacking official Discord and Twitter accounts, conducting fake airdrops and exploiting expired Discord links. Scammers also circumvented Google's and Twitter's advertising guidelines, allowing phishing websites to publish paid Google Search and Twitter ads.
Singapore Prime Minister's Deepfake Problem
Singaporean Prime Minister Lee Hsien Loong posted a warning on social media about deepfake videos exploiting his voice and image for cryptocurrency scams. In posts on Dec. 28 on X - formerly known as Twitter, LinkedIn and Facebook, Loong urged followers to disregard scammers using artificial intelligence to generate deepfakes falsely claiming that he has promised "returns on investments" and crypto giveaways.
Loong shared a video created by scammers promoting a fake "hands-free crypto trading" interview. Noting the growing threat of deepfake technology in spreading disinformation, Loong emphasized the importance of remaining vigilant and educating oneself and others about such scams. Loong has been a target for scams before. He previously cautioning Singaporeans about cryptocurrency platform dealings in 2021 and faced inquiries, along with Deputy Prime Minister Lawrence Wong, after the 2022 collapse of FTX.
Crypto Hack Losses Decreased by Over 50%
The cryptocurrency space experienced over $1.8 billion in digital asset losses across 751 security incidents in 2023 - a significant decrease of 51% compared to the $3.7 billion recorded in 2022, according to blockchain security firm CertiK.
The highest losses occurred in the third quarter of 2023 and exceeded $686 million. Private key compromises remained the costliest attack vector, leading to over $880 million in losses through 47 incidents.
Ethereum dominated blockchain losses, with $686 million across 224 incidents, averaging $3 million per event. In contrast, BNB Chain reported 387 security incidents but incurred lower losses, at $134 million.
Cross-chain interoperability challenges persisted, contributing to almost $800 million in losses from security breaches across multiple blockchains. Despite the decline in losses, Ronghui Gu, CertiK's co-founder, emphasized positive developments in blockchain security, citing the growth of bug bounty platforms and proactive security measures. Gu expressed hope for continued improvements in security throughout 2024, acknowledging the potential influence of market conditions on loss trends.