Orbit Suspends Cross-Chain Bridge Contract After $82M Exploit: Beosin
Report
The blockchain security firm Beosin reported a flaw in a decentralized cross-chain bridge contract which allowed an attacker to exploit the contract over $82 million worth of crypto assets.
The cross-chain bridge contract, which resides on Ethereum network, was designed to allow transfer of cryptocurrencies from EOS-based blockchains to Ethereum-based blockchains.
According to Beosin’s report, the contract did not have any security safeguards for the value of the transfers and the malicious attacker was able to exploit an Integer Overflow vulnerability to force a transfer of tokens from the EOS mainnet to the Ethereum bridge contract.
The exploit took place on 30 August 2019 and the attacker managed to transfer a total of 111,000 EOS tokens (worth over $80 million) to the Ethereum contract.
The attacker then immediately took advantage of a flaw in the Ethereum bridge contract that allowed them to convert the tokens to ETH without facing any resistance.
In the end, the attacker was able to gain over 668,000 ETH (worth over $82 million) through this exploit.
In response to the incident, Orbit, the company that created the cross-chain bridge contract, has suspended the contract until the vulnerability is patched and they have released a security hotfix. The company has urged users not to use the cross-chain bridge contract.
The incident is the latest example of security problems with crypto networks, and it serves as a reminder of the importance of security audits to make sure that crypto networks remain secure.