- More than 1,700 Ethereum, or more than $3 million, were stolen by the hacker.
- The hacker in this instance manipulated Orion’s pools by creating a new token called ATK.
On Thursday, the core contract of Orion Protocol, a liquidity aggregator for CeFi and DeFi exchanges, was compromised in both its Ethereum and Binance Smart Chain (BSC) deployments. More than 1,700 Ethereum, or more than $3 million, were stolen by the hacker.
The breach was feasible due to insufficient reentrancy protection, as described by blockchain security firm PeckShield on Twitter. With a reentrancy problem, an attacker can call back into a smart contract before an earlier call has finished updating its state, and may repeatedly take money out of it without paying any fees.
According to PeckShield, using the swapThroughOrionPool method allows anybody with specially designed tokens to re-enter the deposit asset function and steal the tokens. There is no monetary outlay required to grow the account balance in this way.
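The shape of the problem PeckShield describes, as a simplified Python model added here (it is not Orion's contract code and not from the article): a swap that calls out to token code, next to the same pool with one lock shared by every entry point. The names `Pool`, `CallbackToken` and `run`, and the rule that a swap credits the change in the pool's holdings, are assumptions made for illustration.

```python
from contextlib import contextmanager

class ReentrancyError(Exception):
    """Raised by the guarded pool when a call arrives while another is running."""

class Pool:
    # Hypothetical toy ledger, not Orion's contract. Assumption: a swap credits
    # the caller with whatever the pool's holdings grew by during the swap.
    def __init__(self, guarded):
        self.guarded = guarded   # True = every entry point shares one lock
        self.locked = False
        self.held = 0            # funds the pool really holds
        self.credit = {}         # what the ledger says each user owns

    @contextmanager
    def _entry(self):
        if self.guarded and self.locked:
            raise ReentrancyError("call rejected: another call is in progress")
        self.locked = True
        try:
            yield
        finally:
            self.locked = False

    def deposit(self, user, amount):
        with self._entry():
            self.held += amount
            self.credit[user] = self.credit.get(user, 0) + amount

    def swap(self, user, token):
        with self._entry():
            before = self.held
            token.transfer(self, user)       # external call into token code
            gained = self.held - before      # measured after the callback ran
            self.credit[user] = self.credit.get(user, 0) + gained

class CallbackToken:
    # Constructed stand-in for a token whose transfer() calls back into the pool.
    def transfer(self, pool, user):
        pool.deposit(user, 100)

def run(guarded):
    """Return (funds held, total ledger credit, re-entry rejected?)."""
    pool, rejected = Pool(guarded), False
    try:
        pool.swap("user", CallbackToken())
    except ReentrancyError:
        rejected = True
    return pool.held, sum(pool.credit.values()), rejected
```

Without the lock, one deposit of 100 is counted twice and the ledger owes more than the pool holds; with it, the nested call is rejected and nothing changes. Total credit never exceeding funds held is the invariant a test suite or on-chain monitor would check.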
Deposit Feature Paused
The hacker in this instance manipulated Orion’s pools by creating a new token called ATK and a self-destructing smart contract. Orion CEO Alexey Koloskov posted a thread detailing the vulnerability soon after it was discovered.
Although the exploited contract was used by one of the company’s experimental brokers, Koloskov stressed that it was of little public importance. He assured users that their money was completely secure. However, Orion’s Deposit feature has been shut down and will not reopen until the problem has been fixed and appropriate audits have been performed.
The amount of money stolen in DeFi breaches has been on the rise. In 2022, $3.8 billion was stolen, of which $1.7 billion was in crypto and was stolen by North Korean hackers. The $100 million Harmony bridge breach in June is widely believed to have been carried out by the North Korean Lazarus Group, which took a large portion of the stolen funds.
Source: https://thenewscrypto.com/orion-protocol-exploited-by-hacker-stealing-away-roughly-3-million/