Orion Protocol Loses $3 Million in Latest DeFi Hack

Summary

  • Orion Protocol, a liquidity aggregator for centralized and decentralized exchanges, lost $3 million in one of DeFi’s biggest hacks of the year.
  • The hacker used a reentrancy attack to repeatedly withdraw funds from Orion’s smart contract.
  • The postmortem revealed that the attacker created a fake token (ATK), manipulated swaps of flash-loaned stablecoins, and artificially deposited the assets twice to withdraw $3 million.

DeFi Hack on Orion Protocol

Last week, the liquidity aggregator for centralized and decentralized exchanges, Orion Protocol, suffered one of DeFi’s biggest hacks of the year. The hacker stole $3 million from Orion Protocol’s liquidity pool by creating a fake token and using flash loans and a reentrancy hook. Orion Protocol’s CEO Alexey Koloskov said only an internal broker account was affected, and users‘ accounts remain safe.

Postmortem Reveals Attack Details

Over the weekend, a postmortem conducted on Orion Protocol revealed that the attacker created a fake token (ATK), manipulated swaps of flash-loaned stablecoins, and artificially deposited the assets twice to withdraw $3 million. On-chain data shows that the hacker has moved most of the funds to the sanction crypto mixer Tornado Cash; however, approximately $1 million worth of ETH remains in their address.

Vulnerability & Exploit Details

Orion Protocol CEO Alexey Koloskov explained that this exploit was not a shortcoming of any core codes but instead caused by „vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers.“ The report states that „the attacker used manipulated swaps of flash loaned stablecoins, artificially depositing the assets twice before withdrawing inflated balances.“

User Funds Protected

It is reassuring to know that users‘ funds are safe as this exploit did not compromise any user accounts or funds. All users can continue to use Orion protocol with confidence knowing their funds are secure.

Conclusion Despite suffering from such an attack, it is commendable how quickly Orion responded with transparency about what happened in order to keep user’s information secure. With more security protocols put into place along with increased vigilance against external threats like these will help ensure similar attacks do not happen again in future.