Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Decentralized exchange platform Orion Protocol has suffered a $3 million hack due to reentrancy issues from third-party libraries.
Orion protocol was designed to enable users to access liquidity pools across centralized and decentralized exchanges right from their non-custodial wallet.
However, an incomplete reentrancy issue caused the protocol to be hijacked by a hacker who stole about $3 million, securities firm Peckshield reported on Jan. 3.
The hacker repeatedly called the “depositAsset” function which exposed the contract to the exploit. It started with initial funding of 0.4BNB from Tornado Cash to Orion, and another 0.4ETH via SimpleSwap.
The hacker moved to withdraw about 1100 ETH via Tornado Cash and locked up some 657 ETH in his wallet address.
Orion Protocol CEO Alexey Koloskov confirmed the hack in a Twitter thread, stating that the hack was caused by a vulnerability in third-party libraries used during Orion’s development.
However, Koloskov claimed that the stolen funds were from Orion’s Treasury, adding that all users’ funds are safe.
“We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal broker’s accounts run by ourselves-the Orion team.”
To avert potential vulnerabilities from third-party libraries, Koloskov said that the Orion team will prioritize developing all its contracts in-house.
The post Orion protocol suffers $3M hack due to third-party vulnerabilities appeared first on CryptoSlate.
Publication date
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.