Orion protocol suffers $3M hack due to third-party vulnerabilities

1 year ago

Decentralized exchange platform Orion Protocol has suffered a $3 million hack due to reentrancy issues from third-party libraries.

Orion protocol was designed to enable users to access liquidity pools across centralized and decentralized exchanges directly from their non-custodial wallet.

However, an incomplete reentrancy protection caused the protocol to be hijacked by a hacker who stole about $3 million, security firm Peckshield reported on Jan. 3.

The hacker repeatedly called the “depositAsset” function, which exposed the contract to the exploit. It started with initial funding of 0.4 BNB from Tornado Cash to Orion, and another 0.4 ETH via SimpleSwap.

The hacker moved to withdraw about 1100 ETH via Tornado Cash and locked up some 657 ETH in his wallet address.

Orion Protocol CEO Alexey Koloskov confirmed the hack in a Twitter thread, stating that the hack was caused by a vulnerability in third-party libraries used during Orion’s development.

However, Koloskov claimed that the stolen funds were from Orion’s Treasury, adding that all users’ funds are safe.

“We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal broker’s accounts run by ourselves-the Orion team.”

To avoid potential vulnerabilities from third-party libraries, Koloskov said that the Orion team will prioritize developing all its contracts in-house.

The post Orion protocol suffers $3M hack due to third-party vulnerabilities appeared first on CryptoSlate.
