Orion Protocol Loses $3 Million to Trading Pool Exploit, Postmortem Provides Insight
Over the weekend, a postmortem conducted on Orion Protocol revealed that the attacker created a fake token (ATK), manipulated swaps of flash-loaned stablecoins, and artificially deposited the assets twice to withdraw $3 million. Orion Protocol, the decentralized platform aggregating every centralized exchange (CEX), decentralized exchange (DEX), and swap pool into one, fell victim to the latest DeFi exploit as a hacker drained millions of crypto. The cybersecurity firm Peckshield first reported the attack, stating that the hacker used a reentrancy attack (repeatedly withdrew funds from Orion’s smart contract), leading to the theft of up to $3 million from the Orion Pool. Over the weekend, on-chain sleuth Rekt published a post-mortem of the attack. Rekt explained that “the attacker used manipulated swaps of flash loaned stablecoins, artificially depositing the assets twice before withdrawing the inflated balance.” According to the report, the hacker created a fake token (AKT). Using the AKT, the flash loaned funds, and a reentrancy hook (depositAsset), the hacker could double their balance before making off with the stolen loot. The hacker first deposited 0.5 USDC before making a flash loan of 284,700 USDT using the fake AKT token they created. He used the fake token to transfer $284.4 million from Orion Protocol’s liquidity pool. On-chain data shows the hacker has moved most of the funds to the sanction crypto mixer, Tornado Cash. However, approximately $1 million worth of ETH remains in the hacker’s Ethereum address. Orion Protocol CEO Alexey Koloskov explained that the exploit was not a shortcoming of any of Orion Protocol’s core codes. He said the exploit was caused by a “vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers.” Alexey Koloskov revealed that the exploit was contained to an internal broker account and that user funds remained safe. Koloskov tweeted: Orion is secure, Orion is strong The recent Orion Protocol hack takes the total exploit of DeFi protocols to over $6 billion as projects find a way to neutralize the growing problem of exploits in the sector. Read more on DeFi security below: DeFi targets are contained in:
Orion Protocol Loses $3 Million in Latest DeFi Hack
What Does Postmortem Say About the Attack?
Users Were Not Affected
All users' funds are safe and secure.
- Staking: secure
- Orion Pool: secure
- Bridge: secure
- Liquidity providers: secure
- Depositless trading: secure
We were notified of an event; here's a on what happened. On the Flipside
Why You Should Care
How Auditors Detect a DeFi Rug Pull Scam: Can You Do It Yourself?
Web3 Crime Trends: What Is the Hottest Target?
Read more: https://dailycoin.com/orion-protocol-loses-3-million-to-trading-pool-exploit/
Text source: DailyCoin.com