Orbit Chain Hacker Profits from Swapping Stolen USDT for ETH

A hacker who stole over $7 million worth of USDT from Orbit Chain, a cross-chain protocol, has swapped the stolen funds for ETH and raked in $1.45 million in profits. The hacker exploited a vulnerability in Orbit Chain’s smart contract and drained its USDT pool on December 30, 2023. The incident was reported by PeckShield, a blockchain security firm, which tracked the hacker’s activities and alerted the exchanges.

How the hacker swapped the stolen USDT for ETH

According to PeckShield, the hacker used a complex scheme to swap the stolen USDT for ETH and avoid detection. The hacker first transferred the USDT to a series of addresses and then used a decentralized exchange (DEX) called SushiSwap to exchange the USDT for WETH, a wrapped version of ETH. The hacker then unwrapped the WETH to get ETH and transferred it to another address. The hacker repeated this process several times, using different DEXes such as Uniswap, Curve, and Balancer, and different addresses to swap the USDT for ETH. The hacker also used Tornado Cash, a privacy-preserving protocol, to anonymize some of the transactions.

PeckShield estimated that the hacker swapped a total of 6,956,682 USDT for 3,039 ETH, which was worth about $8.45 million at the time of the swap. The hacker thus made a profit of $1.45 million from the swap, as the USDT was worth only $7 million when it was stolen. The hacker still has about 2,039 ETH left in the final address, which is worth about $5.6 million at the current price.

How Orbit Chain responded to the hack

Orbit Chain, which claims to be a “universal cross-chain protocol” that supports interoperability between various blockchains, acknowledged the hack on its official Twitter account and said it was working to recover the funds. Orbit Chain said it had contacted the exchanges where the hacker had deposited the USDT and asked them to freeze the funds. Orbit Chain also said it had upgraded its smart contract to fix the vulnerability and prevent further attacks.

Orbit Chain apologized to its users and community for the incident and said it would compensate the affected users. Orbit Chain said it would use its own funds and insurance to cover the losses and distribute new tokens to the users who had staked or provided liquidity to the USDT pool. Orbit Chain also said it would launch a new governance token called ORC to reward its loyal users and supporters.

How the crypto community reacted to the hack

The hack of Orbit Chain was one of the largest incidents in the decentralized finance (DeFi) sector in 2023, which saw a surge in hacks and exploits due to the increasing popularity and complexity of DeFi protocols. According to CipherTrace, a blockchain analytics firm, the DeFi sector accounted for 76% of the total crypto thefts and hacks in 2023, which amounted to $681 million. The largest DeFi hack of 2023 was the Poly Network hack, which resulted in the theft of $600 million worth of various tokens in August. However, the Poly Network hacker later returned most of the funds and claimed to be a “white hat” hacker who wanted to expose the security flaws of the protocol.

The crypto community had mixed reactions to the Orbit Chain hack, with some expressing sympathy and support for the project and its users, and others criticizing its security and design. Some users also questioned the legitimacy and necessity of Orbit Chain, as there are already several established and reputable cross-chain protocols in the market, such as Cosmos, Polkadot, and Avalanche. Some users also speculated that the hack could be an inside job or an exit scam by the Orbit Chain team, as the project had a low profile and a lack of transparency.