- Orion Protocol recently suffered a $3 million exploit.
- According to the findings, the exploit was caused by a reentrancy bug.
- PeckShield shares important details regarding the exploit.
Orion Protocol, a liquidity aggregator for multiple crypto exchanges, recently suffered an exploit that caused the platform $3 million in losses. The protocol halted operations following the theft, according to PeckShield details. The blockchain securities and data analytics platform released details regarding the attack in one of their recent tweets.
1/ Again, a $3M lesson from the reentrancy bug! The @orion_protocol is hacked due to a reentrancy issue in its core contract: ExchangeWithOrionPool. Both eth/bsc deployment are hacked. Here are the two related hack txs: https://t.co/YvRIRq6T57https://t.co/GbexocEZAo https://t.co/lF13kbMkA8— PeckShield Inc. (@peckshield) February 3, 2023
PeckShield revealed that the exploit occurred due to the reentrancy bug. The securities firm also stated that the hack occurred due to insufficient reentry protection. PeckShield also mentioned that the swapThroughOrionPool function allows anyone with crafted tokens to re-enter the deposit asset function to increase their balance without actually spending any funds.
PeckShield also elaborated that the hack initially started on BSC with 0.4 BNB from TornadoCash. The ETH hack then withdraws 0.4 ETH from SimpleSwap. They also highlighted that the hacker made 1,100 ETH from the hack, which was deposited into TornadoCash, and that another 657 ETH is still in the hacker’s account.
How…
The post Orion Protocol Exploited for $3M Due to Reentrancy Bug appeared first on Coin Edition.