• Orion Protocol loses $3M of crypto in trading pool exploit
• Attacker used a fake token and self-destructing smart contract to manipulate the Orion pools
• Price of Orion’s native token ORN is little changed following the attack
Exploit on Orion Protocol
Orion Protocol was set to pause operations Thursday after an apparent attacker drained millions of dollars worth of cryptocurrency, according to cybersecurity firm Peckshield. Initial estimates from on-chain sleuths placed the losses at $2.8 million on Orion’s Ethereum implementation and $200,000 on its BSC implementation.
Vulnerability Explained
The attacker deployed a fake token called ATK which was used to manipulate the Orion pools. It utilized a self-destructing smart contract. Gal Sagie, CEO of cybersecurity company Hypernative, said that the root cause is now confirmed with the team and they are fixing the bug now.
Action Taken by Team
The protocol is being paused as we speak,“ Peckshield said in a Twitter message. The firm said it is assisting Orion. Furthermore, Orion Protocol CEO Alexey Koloskov has reassured investors that „all funds are safe and secure.“ He mentioned that he believes this issue was not caused by any shortcomings in their core protocol code but rather might have been caused by a vulnerability in mixing third-party libraries in one of their smart contracts used by experimental and private brokers.
Attacker’s Movements
A wallet identified as the attacker’s began passing ether tokens through privacy mixer Tornado Cash shortly after the event.
Price Impact
The price of Orion’s native token ORN is little changed following the apparent attack, up nearly 14% in the last 24 hours to $1.03