- Last week, the liquidity aggregator for centralized and decentralized exchanges, Orion Protocol, suffered one of DeFi’s biggest hacks of the year.
- The hacker stole $3 million from Orion Protocol’s liquidity pool by creating a fake token and using flash loans and a reentrancy hook.
- Orion Protocol’s CEO Alexey Koloskov said only an internal broker account was affected, and users’ accounts remain safe.
Over the weekend, a postmortem conducted on Orion Protocol revealed that the attacker created a fake token (ATK), manipulated swaps of flash-loaned stablecoins, and artificially deposited the assets twice to withdraw $3 million.
Orion Protocol Loses $3 Million in Latest DeFi Hack
Orion Protocol, the decentralized platform aggregating every centralized exchange (CEX), decentralized exchange (DEX), and swap pool into one, fell victim to the latest DeFi exploit as a hacker drained millions of crypto.
The cybersecurity firm Peckshield first reported the attack, stating that the hacker used a reentrancy attack (repeatedly withdrew funds from Orion’s smart contract), leading to the theft of up to $3 million from the Orion Pool.
What Does Postmortem Say About the Attack?
Over the weekend, on-chain sleuth Rekt published a post-mortem of the attack. Rekt explained that “the attacker used manipulated swaps of flash loaned stablecoins, artificially depositing the assets twice before withdrawing the inflated balance.”
According to the report, the hacker created a fake token (AKT). Using the AKT, the flash loaned funds, and a reentrancy hook (depositAsset), the hacker could double their balance before making off with the stolen loot.
The hacker first deposited 0.5 USDC before making a flash loan of 284,700 USDT using the fake AKT token they created. He used the fake token to transfer $284.4 million from Orion Protocol’s liquidity pool.
On-chain data shows the hacker has moved most of the funds to the sanction crypto mixer, Tornado Cash. However, approximately $1 million worth of ETH remains in the hacker’s Ethereum address.
Users Were Not Affected
Orion Protocol CEO Alexey Koloskov explained that the exploit was not a shortcoming of any of Orion Protocol’s core codes. He said the exploit was caused by a “vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers.”
Alexey Koloskov revealed that the exploit was contained to an internal broker account and that user funds remained safe. Koloskov tweeted:
Orion is secure, Orion is strong 🔒— Alexey Koloskov (@alexeykoloskov) February 2, 2023
All users' funds are safe and secure.
- Staking: secure
- Orion Pool: secure
- Bridge: secure
- Liquidity providers: secure
- Depositless trading: secure
We were notified of an event; here's a 🧵 on what happened. 👇
On the Flipside
- To counter the exploit, Orion protocol has decided to develop all contracts in-house to avoid potential vulnerability.
Why You Should Care
The recent Orion Protocol hack takes the total exploit of DeFi protocols to over $6 billion as projects find a way to neutralize the growing problem of exploits in the sector.
Read more on DeFi security below:
How Auditors Detect a DeFi Rug Pull Scam: Can You Do It Yourself?
DeFi targets are contained in:
Web3 Crime Trends: What Is the Hottest Target?