Orion protocol suffers $3M hack due to third-party vulnerabilities

Decentralized exchange platform Orion Protocol has suffered a $3 million hack due to reentrancy issues from third-party libraries.

Orion protocol was designed to enable users to access liquidity pools across centralized and decentralized exchanges right from their non-custodial wallet.

However, an incomplete reentrancy issue caused the protocol to be hijacked by a hacker who stole about $3 million, securities firm Peckshield reported on Jan. 3.

The hacker repeatedly called the “depositAsset” function which exposed the contract to the exploit. It started with initial funding of 0.4BNB from Tornado Cash to Orion, and another 0.4ETH via SimpleSwap.

The hacker moved to withdraw about 1100 ETH via Tornado Cash and locked up some 657 ETH in his wallet address.

Orion Protocol CEO Alexey Koloskov confirmed the hack in a Twitter thread, stating that the hack was caused by a vulnerability in third-party libraries used during Orion’s development.

However, Koloskov claimed that the stolen funds were from Orion’s Treasury, adding that all users’ funds are safe.

“We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal broker’s accounts run by ourselves-the Orion team.”

To avert potential vulnerabilities from third-party libraries, Koloskov said that the Orion team will prioritize developing all its contracts in-house.

Posted In: Hacks
Bookmark (0)

Related Posts

Lido to sunset staking on Polkadot, Kusama by August

Lido to sunset staking on Polkadot, Kusama by August

Lido developer MixBytes said Polkadot’s DeFi lack of liquidity undermined the value proposition of liquid staking.

Bookmark (0)
NEAR launches $11M grassroots community trust registered in Guernsey

NEAR launches $11M grassroots community trust registered in Guernsey

NEAR Foundation and Governance Working Group jointly select trustees for community purpose trust.

Bookmark (0)
Voyager redeems $150M of USDC to fiat through Circle

Voyager redeems $150M of USDC to fiat through Circle

It comes as Voyager account holders continue to advocate for a restructuring plan that would see Binance recoup most of customer accounts.

Bookmark (0)

Metacade raises over $14.7M as presale set to close in 72 hours

Bookmark (0)
Potential crypto ban: Coin Center raises the alarm on the RESTRICT Act

Potential crypto ban: Coin Center raises the alarm on the RESTRICT Act

Coin Center warns of the potential for US authorities to block, restrict, and ban entire asset classes — including cryptocurrency.

Bookmark (0)
Law firm Cooper & Kirk accuses US regulators of weaponizing banking

Law firm Cooper & Kirk accuses US regulators of weaponizing banking

Cooper & Kirk calls on Congress to investigate unlawful and unconstitutional actions against the crypto industry.

Bookmark (0)

Leave a Reply

Your email address will not be published. Required fields are marked *