Orion Protocol Exploited for $3M Due to Reentrancy Bug

Last Updated:
Orion Protocol Exploited for $3M Due to Reentrancy Bug
  • Orion Protocol recently suffered a $3 million exploit.
  • According to the findings, the exploit was caused by a reentrancy bug.
  • PeckShield shares important details regarding the exploit.

Orion Protocol, a liquidity aggregator for multiple crypto exchanges, recently suffered an exploit that caused the platform $3 million in losses. The protocol halted operations following the theft, according to PeckShield details. The blockchain securities and data analytics platform released details regarding the attack in one of their recent tweets.

PeckShield revealed that the exploit occurred due to the reentrancy bug. The securities firm also stated that the hack occurred due to insufficient reentry protection. PeckShield also mentioned that the swapThroughOrionPool function allows anyone with crafted tokens to re-enter the deposit asset function to increase their balance without actually spending any funds.

PeckShield also elaborated that the hack initially started on BSC with 0.4 BNB from TornadoCash. The ETH hack then withdraws 0.4 ETH from SimpleSwap. They also highlighted that the hacker made 1,100 ETH from the hack, which was deposited into TornadoCash, and that another 657 ETH is still in the hacker’s account.

However, the exploit didn’t affect the price of Orion Protocol (ORN). According to CoinMarketCap data, ORN is trading at $0.9719 at press time, with a 0.56% drop in value over the last 24 hours. The 24-hour trading volume is also up by 230%.

The crypto realm is not new to hacks, as 2022 proved to be the biggest year ever for crypto hacking, according to the latest blog post by Chainalysis. A whopping $3.8 billion worth of crypto was stolen. What is even more interesting is that the majority of the hacks were on DeFi protocols. $1.7 billion of the total is also linked to North Korean hackers.

Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.