Orion Protocol Loses $3 Million to Trading Pool Exploit, Postmortem Provides Insight

Post-mortem on Orion Protocol shows the hacker created fake tokens and used flash loans to steal $3 million.

Hacker hacking into orio protocol logo in outer space.
  • Last week, the liquidity aggregator for centralized and decentralized exchanges, Orion Protocol, suffered one of DeFi’s biggest hacks of the year. 
  • The hacker stole $3 million from Orion Protocol’s liquidity pool by creating a fake token and using flash loans and a reentrancy hook. 
  • Orion Protocol’s CEO Alexey Koloskov said only an internal broker account was affected, and users’ accounts remain safe.

Over the weekend, a postmortem conducted on Orion Protocol revealed that the attacker created a fake token (ATK), manipulated swaps of flash-loaned stablecoins, and artificially deposited the assets twice to withdraw $3 million.

Orion Protocol Loses $3 Million in Latest DeFi Hack

Orion Protocol, the decentralized platform aggregating every centralized exchange (CEX), decentralized exchange (DEX), and swap pool into one, fell victim to the latest DeFi exploit as a hacker drained millions of crypto.

The cybersecurity firm Peckshield first reported the attack, stating that the hacker used a reentrancy attack (repeatedly withdrew funds from Orion’s smart contract), leading to the theft of up to $3 million from the Orion Pool.

What Does Postmortem Say About the Attack?

Over the weekend, on-chain sleuth Rekt published a post-mortem of the attack. Rekt explained that “the attacker used manipulated swaps of flash loaned stablecoins, artificially depositing the assets twice before withdrawing the inflated balance.”


According to the report, the hacker created a fake token (AKT). Using the AKT, the flash loaned funds, and a reentrancy hook (depositAsset), the hacker could double their balance before making off with the stolen loot.

The hacker first deposited 0.5 USDC before making a flash loan of 284,700 USDT using the fake AKT token they created. He used the fake token to transfer $284.4 million from Orion Protocol’s liquidity pool.


On-chain data shows the hacker has moved most of the funds to the sanction crypto mixer, Tornado Cash. However, approximately $1 million worth of ETH remains in the hacker’s Ethereum address.

Users Were Not Affected

Orion Protocol CEO Alexey Koloskov explained that the exploit was not a shortcoming of any of Orion Protocol’s core codes. He said the exploit was caused by a “vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers.”

Alexey Koloskov revealed that the exploit was contained to an internal broker account and that user funds remained safe. Koloskov tweeted:

On the Flipside

  • To counter the exploit, Orion protocol has decided to develop all contracts in-house to avoid potential vulnerability.

Why You Should Care

The recent Orion Protocol hack takes the total exploit of DeFi protocols to over $6 billion as projects find a way to neutralize the growing problem of exploits in the sector.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia