Skip to main content
Sign in
Orbit Bridge1 decision on this page

Audit log

Every state-changing event for Orbit Bridge: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-20 15:41:10Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 421,014,726
    sig
    2XtCQyphrj5o…5zVSv12xexplorer ↗
    hash
    9Rr5BR22K2tk…vuuEohWrsha256 → base58
    verifying row…full verify ↗
    canonical bytes (7640 B) ▸
    {"actor":"system:backfill","investigation_id":"4e61eb7d-03f2-41e4-b415-2f288389f598","kind":"publish","page_slug":"orbit-bridge","published_at":"2026-05-20T15:41:10.055Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Orbit Bridge","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.coindesk.com/business/2024/01/02/orbit-chain-loses-81m-in-cross-chain-bridge-exploit"},{"credibility":3,"name":"","type":"other","url":"https://blockworks.co/news/80-million-lost-orbit-bridge"},{"credibility":3,"name":"","type":"other","url":"https://www.newsbtc.com/news/company/ton-foundation-bolsters-drive-to-a-cross-chain-future-together-with-ozys-orbit-bridge/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://news.bitcoin.com/orbit-bridge-hack-confirmed-over-81-5-million-lost-in-cryptocurrency-assets/"},{"credibility":3,"name":"","type":"other","url":"https://rekt.news/orbit-bridge-rekt"},{"credibility":3,"name":"","type":"other","url":"https://www.bankinfosecurity.com/cryptohack-roundup-orbit-chains-81m-new-years-eve-hack-a-24028"},{"credibility":3,"name":"","type":"other","url":"https://therecord.media/korean-police-investigating-cryptocurrency-theft-orbit-chain"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://rekt.news/orbit-bridge-rekt"},{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/299192/orbit-chain-exploiter-moves-48-million-through-tornado-cash-after-months-of-post-hack-dormancy"},{"credibility":3,"name":"","type":"other","url":"https://blockchain.news/flashnews/eth-alert-orbit-chain-hack-wallet-launders-4-320-eth-via-tornado-cash"},{"credibility":3,"name":"","type":"other","url":"https://dailycoin.com/orbit-chain-hacker-online-48m-tornado-cash/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/south-korean-agencies-investigate-82m-orbit-bridge-hack/"},{"credibility":3,"name":"","type":"other","url":"https://icoholder.com/en/news/lazarus-group-suspected-in-orbit-chain-hack-blockchain-analysts-uncover-common-tactics-in-high-profile-attacks"},{"credibility":3,"name":"","type":"other","url":"https://cryptonews.com/news/orbit-bridge-hacker-suspected-in-coinspaid-and-coinex-breaches/"},{"credibility":3,"name":"","type":"other","url":"https://therecord.media/korean-police-investigating-cryptocurrency-theft-orbit-chain"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.theblock.co/post/274411/orbit-bridge-firewall-sabotage-exploit"},{"credibility":3,"name":"","type":"other","url":"https://dailycoin.com/ozys-blames-former-ciso-for-81-5m-orbit-bridge-exploit/"},{"credibility":3,"name":"","type":"other","url":"https://crypto.news/ex-orbit-bridge-employee-accused-of-facilitating-80m-attack/"},{"credibility":3,"name":"","type":"other","url":"https://bsc.news/post/orbit-bridge-accuses-former-team-member-for-82m-hack"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://medium.com/orbit-chain/orbit-bridge-exploit-asset-recovery-and-ecosystem-normalization-plan-draft-3aa7ac2a6e4a"},{"credibility":3,"name":"","type":"other","url":"https://medium.com/orbit-chain/governance-proposal-for-the-renewal-of-orbit-chain-orc-tokens-a278eb3af1ce"},{"credibility":3,"name":"","type":"other","url":"https://blockchain.news/flashnews/eth-alert-orbit-chain-hack-wallet-launders-4-320-eth-via-tornado-cash"},{"credibility":3,"name":"","type":"other","url":"https://livedarknet.com/p/negotiations-fail-after-82m-orbit-bridge-hack/"}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"","type":"other","url":"https://www.halborn.com/blog/post/explained-the-orbit-bridge-hack-december-2023"},{"credibility":3,"name":"","type":"other","url":"https://www.infosecurity-magazine.com/news/crypto-stolen-cyber-attack-orbit/"},{"credibility":3,"name":"","type":"other","url":"https://cointelegraph.com/news/orbit-bridge-hack-pushes-december-crypto-losses-100m"}]}],"sources_used":[],"summary":"Orbit Bridge is a cross-chain interoperability protocol developed by South Korean blockchain firm Ozys that suffered one of the largest bridge exploits in crypto history on December 31, 2023, losing approximately $81.5 million in ETH, WBTC, USDT, USDC, and DAI. The attacker allegedly compromised seven of ten multisig signatories after a former chief information security officer allegedly weakened the company firewall before departing, and blockchain analysts have linked the attack's patterns to North Korea's Lazarus Group, though no formal attribution has been confirmed by authorities. As of 2025, the majority of stolen funds remain unrecovered, with the attacker having laundered over 17,000 ETH through Tornado Cash.","timeline":[{"date":"2023-11-20","event":"Orbit Bridge's CISO submits voluntary resignation request to Ozys.","source":""},{"date":"2023-11-22","event":"Alleged: Former CISO makes unauthorized changes to Ozys internal firewall policies, weakening security posture (alleged by Ozys; unproven in court).","source":""},{"date":"2023-12-06","event":"Former CISO formally departs Ozys without disclosing firewall changes.","source":""},{"date":"2023-12-31","event":"Exploit begins at 21:08 UTC. Five unauthorized withdrawals drain 9,500 ETH, 231 WBTC, 30M USDT, 10M USDC, and 10M DAI from Orbit Bridge's Ethereum vault across approximately 17 minutes.","source":""},{"date":"2023-12-31","event":"Bridge contract deactivated at approximately 22:21 UTC to prevent further losses.","source":""},{"date":"2024-01-01","event":"Orbit Chain publicly confirms the exploit. National Intelligence Service notified by 10:35 a.m. KST.","source":""},{"date":"2024-01-02","event":"ChainLight engaged for forensic analysis. Orbit Chain attempts on-chain communication with attacker. Requests to exchanges to freeze stolen assets submitted.","source":""},{"date":"2024-01-03","event":"Match Systems publishes report alleging the Orbit attacker used tools and patterns consistent with Lazarus Group, and may have also conducted the Atomic Wallet, CoinsPaid, and CoinEx hacks.","source":""},{"date":"2024-01-10","event":"South Korea's NIS, National Police Agency, and KISA confirm joint investigation is underway. NIS states no direct North Korea link confirmed but possibility is being examined. Negotiations with attacker reported to have failed.","source":""},{"date":"2024-01-25","event":"Ozys publicly alleges former CISO deliberately weakened company firewall prior to the hack. Civil lawsuit and police petition filed against the unnamed former employee.","source":""},{"date":"2024-02-14","event":"Ozys publishes draft Asset Recovery and Ecosystem Normalization Plan, targeting $82M recovery over two years through company capital, partner grants, and new business revenue.","source":""},{"date":"2024-06-08","event":"After approximately five months of dormancy, attacker moves 12,932 ETH across seven transactions, routing approximately $48 million through Tornado Cash.","source":""},{"date":"2025-01-01","event":"Attacker transfers an additional 4,320 ETH (approximately $18.81 million) through Tornado Cash. Total laundered through Tornado Cash reaches 17,242 ETH (approximately $66.35 million). Attacker reported to still hold approximately 9,511 ETH and 20M DAI.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 1d12114c-c389-4a74-97e2-bce21232d899
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.