The decentralized exchange platform Orion Protocol has been subject to a $3 million hack due to reentrancy issues from third-party libraries.
The Orion protocol is designed to allow users to access liquidity pools across centralized and decentralized exchanges directly from their non-custodial wallets.
However, incomplete reentrancy protection led to the protocol being hijacked by hackers who stole about $3 million, security firm PeckShield reported on January 3.
The hacker repeatedly called the “depositAsset” function, which exposed the contract to the exploit. The attack started with initial funding of 0.4 BNB from Tornado Cash to Orion, and another 0.4 ETH via SimpleSwap.
The hacker then moved to withdraw around 1100 ETH via Tornado Cash and kept around 657 ETH in his wallet address.
Orion Protocol CEO Alexey Koloskov confirmed the hack in a Twitter thread, stating that it was caused by a vulnerability in third-party libraries used during Orion development.
However, Koloskov claims that the stolen funds came from Orion’s Treasury, adding that all user funds are safe.
“We want to assure our users that no user has suffered any loss during this incident. The risky assets are in an internal brokerage account run by us – the Orion team.”
To avoid potential vulnerabilities from third-party libraries, Koloskov says the Orion team will prioritize developing all of its own contracts.