Orion protocol suffers $3M hack due to third-party vulnerabilities

Decentralized exchange platform Orion Protocol has suffered a $3 million hack due to reentrancy issues from third-party libraries.

Orion protocol was designed to enable users to access liquidity pools across centralized and decentralized exchanges right from their non-custodial wallet.

However, an incomplete reentrancy issue caused the protocol to be hijacked by a hacker who stole about $3 million, securities firm Peckshield reported on Jan. 3.

The hacker repeatedly called the “depositAsset” function which exposed the contract to the exploit. It started with initial funding of 0.4BNB from Tornado Cash to Orion, and another 0.4ETH via SimpleSwap.

The hacker moved to withdraw about 1100 ETH via Tornado Cash and locked up some 657 ETH in his wallet address.

Orion Protocol CEO Alexey Koloskov confirmed the hack in a Twitter thread, stating that the hack was caused by a vulnerability in third-party libraries used during Orion’s development.

However, Koloskov claimed that the stolen funds were from Orion’s Treasury, adding that all users’ funds are safe.

“We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal broker’s accounts run by ourselves-the Orion team.”

To avert potential vulnerabilities from third-party libraries, Koloskov said that the Orion team will prioritize developing all its contracts in-house.

Posted In: Hacks
Bookmark (0)
ClosePlease loginn

Related Posts

A sincere thank you to our valuable sponsors: CoinDesk, Nexo and 1inch

A sincere thank you to our valuable sponsors: CoinDesk, Nexo and 1inch

Discover the cutting-edge services of CoinDesk and Nexo, the leading names in crypto and blockchain, and unlock the full potential of your digital assets.

Bookmark (0)
ClosePlease loginn
U.S. government sold over 9k BTC for $215.7M on March 14

U.S. government sold over 9k BTC for $215.7M on March 14

The US government said it plans to liquidate over 40,000 Bitcoin in four batches during this calendar year.

Bookmark (0)
ClosePlease loginn
Justin Sun’s Grenada ambassadorship to WTO ends

Justin Sun’s Grenada ambassadorship to WTO ends

Grenada’s local media reported that Justin Sun had been recalled after the political party that appointed him lost elections in June 2022.

Bookmark (0)
ClosePlease loginn
More than 50% of Bitcoin mining uses renewable energy

More than 50% of Bitcoin mining uses renewable energy

Almost a quarter of all Bitcoin miners use water to power their setups, while wind and nuclear are the second and third biggest contributors.

Bookmark (0)
ClosePlease loginn
Bittrex to halt US operations by end of April

Bittrex to halt US operations by end of April

The cryptocurrency exchange will only serve global customers going forward.

Bookmark (0)
ClosePlease loginn
Binance.US transitioning to new bank providers; briefly affecting deposits, withdrawals

Binance.US transitioning to new bank providers; briefly affecting deposits, withdrawals

Many transfer methods, including Signature ACH transfers, are affected.

Bookmark (0)
ClosePlease loginn

Leave a Reply

Your email address will not be published. Required fields are marked *