Tue, March 19

Orion Protocol Exploited by Hacker Stealing Away Roughly $3 Million

  • More than 1,700 Ethereum, or more than $3 million, were stolen by the hacker.
  • The hacker in this instance manipulated Orion’s pools by creating a new token called ATK.

On Thursday, the core contract of Orion Protocol, a liquidity aggregator for CeFi and DeFi exchanges, was compromised in both its Ethereum and Binance Smart Chain (BSC) deployments. More than 1,700 Ethereum, or more than $3 million, were stolen by the hacker.

The breach was possible because of insufficient reentrancy protection, as described by blockchain security firm PeckShield on Twitter. With a reentrancy problem, an attacker can call back into a smart contract before it has finished updating its state, and may repeatedly take money out of it without paying any fees.

According to PeckShield, the swapThroughOrionPool method allows anybody with specially designed tokens to re-enter the deposit asset function and steal the tokens. No monetary outlay is required to grow the account balance in this way.
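A simplified model of the double crediting that this kind of reentrancy allows, run with and without a reentrancy guard. This is an added example, not Orion's contract code: the `Exchange` class, `CallbackToken`, the amounts and the balance-difference accounting are all assumptions made for illustration.

```python
from contextlib import contextmanager

class ReentrantCall(Exception):
    """Raised by the guarded variant when a call arrives while another is running."""

class Exchange:
    def __init__(self, guarded):
        self.guarded, self.busy = guarded, False
        self.held = 1000            # constructed: units the contract really holds
        self.credit = {"lp": 1000}  # internal ledger, user -> withdrawable units

    @contextmanager
    def _guard(self):
        if self.guarded and self.busy:
            raise ReentrantCall("re-entered during an external call")
        prev, self.busy = self.busy, True
        try:
            yield
        finally:
            self.busy = prev

    def deposit(self, user, amount):
        with self._guard():
            self.held += amount
            self.credit[user] = self.credit.get(user, 0) + amount

    def swap(self, user, path, out):
        with self._guard():
            before = self.held
            for token in path:       # external calls into user-supplied tokens
                token.transfer(self, user)
            self.held += out         # the pool delivers the swap output
            # Assumption of this model: credit is the observed balance change.
            self.credit[user] = self.credit.get(user, 0) + self.held - before

class CallbackToken:
    def transfer(self, exchange, user):
        exchange.deposit(user, 100)  # constructed token: calls back into deposit

def run(guarded, path):
    """Return (caller credit, unbacked credit = ledger total - real holdings)."""
    ex = Exchange(guarded)
    try:
        ex.swap("caller", path, out=50)
    except ReentrantCall:
        pass                         # on-chain, the whole transaction would revert
    return ex.credit.get("caller", 0), sum(ex.credit.values()) - ex.held
```

The second value returned by `run` is a solvency invariant: any result above zero means the ledger promises more than the contract holds, which is a useful property to assert in tests and to monitor in production.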

Deposit Feature Paused 

The hacker in this instance manipulated Orion’s pools by creating a new token called ATK and a self-destructing smart contract. Orion CEO Alexey Koloskov posted a thread detailing the vulnerability soon after it was discovered.

Although the exploited contract was used by one of the company’s experimental brokers, Koloskov stressed that it was of little public importance. He assured users that their money was completely secure. However, Orion’s Deposit feature has been shut down and will not reopen until the problem has been fixed and appropriate audits have been performed.

The amount of money stolen in DeFi breaches has been on the rise. In 2022, $3.8 billion was stolen, of which $1.7 billion was in crypto and committed by North Korean hackers. The $100 million Harmony bridge breach in June is widely believed to have been carried out by the North Korean Lazarus Group, which accounts for a large portion of the stolen funds.
