Decentralized exchange platform Orion Protocol was hacked, suffering a loss of $3 million due to a reentrancy issue in its core contract.
Orion Protocol, a decentralized exchange platform, was the victim of a $3 million hack as a result of reentrancy problems in external libraries. Orion Protocol lets users access liquidity pools on both centralized and decentralized exchanges directly from their non-custodial wallets.
However, a hacker was able to exploit the protocol through a reentrancy issue and steal nearly $3 million, according to a report published on January 3 by the security firm PeckShield.
The contract was exploited when the hacker repeatedly invoked the “depositAsset” method. Tornado Cash provided the first 0.4 BNB to Orion, and SimpleSwap provided the last 0.4 ETH.
The hacker locked up roughly 657 ETH in his wallet address before attempting to extract about 1100 ETH using Tornado Cash. In a Twitter conversation, the CEO of Orion Protocol, Alexey Koloskov, acknowledged the attack and claimed that a flaw in one of the external libraries that Orion used during development was to blame.
Koloskov asserted that all user funds are secure and that the stolen money actually came from Orion’s Treasury.
“We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal broker’s accounts run by ourselves - the Orion team.”
Koloskov stated that the Orion team will give priority to creating all of its contracts internally in order to avoid potential vulnerabilities from third-party libraries.