-: FOLLOW US :- @theinsaneapp
The decentralized Exchange platform Orion Protocol has been hit by an attack worth $3 million due to issues with reentrancy that result from libraries supplied by third parties.
-: FOLLOW US :- @theinsaneapp
Orion protocol was developed for users to gain access to liquidity pools in exchanges that are decentralized and centralized from their wallets that are not custodial.
-: FOLLOW US :- @theinsaneapp
A reentrancy problem led to the protocol being taken over by a hacker, who stole approximately $3 million, the security firm Peckshield announced on Jan. 3.
-: FOLLOW US :- @theinsaneapp
The hacker repeatedly invoked"deposit asset", exposing the "deposit asset" function, which made the contract vulnerable.
-: FOLLOW US :- @theinsaneapp
The project began with an initial investment of 0.4BNB through Tornado Cash to Orion and then 0.4ETH through SimpleSwap.
-: FOLLOW US :- @theinsaneapp
The hacker attempted to withdraw around 1100 ETH through Tornado Cash and locked about 657 ETH in his wallet.
-: FOLLOW US :- @theinsaneapp
Orion Protocol CEO Alexey Koloskov confirmed the vulnerability in the Twitter post, explaining that the attack resulted from a library flaw from third parties used to develop Orion.
-: FOLLOW US :- @theinsaneapp
In contrast, Koloskov said that stolen money comes taken from Orion's Treasury, adding that the funds of all users are secure.