Decentralized exchange Orion Protocol hacked for $3 million

Quick Take

  • Orion Protocol suffered a major security attack with the loss of $3 million in project assets.
  • The hack occurred due to a reentrancy vulnerability in the project’s smart contracts.

Orion Protocol, a lesser-known decentralized exchange platform, suffered a major security hack on Thursday.

An attacker made off with a total of $3 million in project assets locked in its smart contracts on Ethereum and BNB Chain.

The exploit was carried out using a reentrancy technique, security firm PeckShield found. A reentrancy vulnerability in a smart contract happens when an attacker repeatedly calls a function and extracts assets from it before the contract updates its internal state. The vulnerability can result from a bug in the smart contract or from insufficient security measures.

The Orion Protocol team acknowledged the hack and temporarily paused its deposit function. Orion Protocol CEO, Alexey Koloskov, claimed that users did not lose any funds, only the company's funds were taken. "We want to reassure our users that no user experienced any loss during this incident."

Koloskov added that the vulnerability may have been introduced due to the development team's use of third-party software libraries to write the smart contracts. Going forward, Koloskov added that the team will rely only on in-house developers to write their contracts.

© 2023 The Block Crypto, Inc. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.