Orbit Bridge's Ethereum-side vault contracts gate withdrawals on an off-chain quorum: seven of ten farmer signatures over a (txHash, toAddr, token, amount) tuple. On 2023-12-31 the attacker submitted withdrawal calls signed by seven legitimate signer keys and drained ~$81.7M across ETH, USDT, USDC, DAI, and WBTC pools. Both Theori's and Halborn's post-mortems concluded the contract-level signature verification (ecrecover loop, threshold counter, replay-nonce check) executed as designed — the seven signatures were cryptographically valid. The root cause was operational: the seven signer keys, or the systems holding them, were compromised off-chain (the leading hypothesis is shared infrastructure / shared credential surface across signer machines), not a flaw in the bridge's Solidity. The CosmWasm-side mint authority on Orbit Chain accepted the resulting cross-chain proof because, again, the threshold was met.
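The sketch below is an added illustration of the kind of check described above (ecrecover loop, threshold counter, replay guard); it is not Orbit Bridge's contract code. The contract, struct and function names are hypothetical, and the replay guard is simplified to a per-digest flag. It shows why the check passes for any holder of seven registered keys.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Illustrative model only, NOT Orbit Bridge's vault code; all names are hypothetical.
contract QuorumVaultModel {
    struct Sig { uint8 v; bytes32 r; bytes32 s; }

    uint256 public constant THRESHOLD = 7;      // seven of ten, as in the write-up
    mapping(address => bool) public isSigner;   // the ten registered signer addresses
    mapping(bytes32 => bool) public used;       // replay guard, keyed on the digest

    constructor(address[10] memory signers) {
        for (uint256 i = 0; i < 10; i++) {
            require(signers[i] != address(0) && !isSigner[signers[i]], "bad signer set");
            isSigner[signers[i]] = true;
        }
    }

    // Digest over the tuple named in the write-up. Chain id and vault address are
    // added by this sketch so a quorum cannot be reused on another chain or vault.
    function digestOf(bytes32 txHash, address toAddr, address token, uint256 amount)
        public view returns (bytes32)
    {
        return keccak256(abi.encode(block.chainid, address(this), txHash, toAddr, token, amount));
    }

    // Counts distinct registered signers whose signatures recover over `digest`.
    function countSigners(bytes32 digest, Sig[] calldata sigs) public view returns (uint256 valid) {
        address last = address(0);
        for (uint256 i = 0; i < sigs.length; i++) {
            address rec = ecrecover(digest, sigs[i].v, sigs[i].r, sigs[i].s);
            // Strictly ascending order rejects address(0) and repeated signers.
            require(rec > last, "unordered, duplicate or invalid");
            last = rec;
            if (isSigner[rec]) valid++;
        }
    }

    function authorize(bytes32 txHash, address toAddr, address token, uint256 amount, Sig[] calldata sigs)
        external returns (bytes32 digest)
    {
        digest = digestOf(txHash, toAddr, token, amount);
        require(!used[digest], "replayed");
        require(countSigners(digest, sigs) >= THRESHOLD, "quorum not met");
        used[digest] = true;
        // Passing here proves possession of seven signer keys, not who operated them.
    }
}
```

Nothing in this check can tell a legitimate operator from someone holding a copied key, so the security of the quorum rests on the signer keys being stored and operated independently of one another.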
Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Classification: Protocol Logic. Technique: Signature Exploit. Bridge hack. Target type: DeFi Protocol. Affected chains: Ethereum. Implementation language: Solidity.
- chain: ethereum
- protocol: Orbit Bridge
- bug_class: bridge
- date_occurred: 2023-12-31
- loss_usd: $81,700,000
- classification: Protocol Logic
- technique: Signature Exploit
- target_type: DeFi Protocol
- language: Solidity
- bridge_hack: YES
- source_id: dl:1981