• Orion Protocol, a crypto trading venue, was the victim of a reentracy attack in which an attacker drained millions of dollars worth of cryptocurrency.
• The attacker deployed a fake token called ATK which was used to manipulate the Orion pools and utilized a self-destructing smart contract.
• Initial estimates placed losses at $2.8 million on Orion’s Ethereum implementation and $200,000 on its BSC implementation.
Orion Protocol Loses Crypto in Trading Pool Exploit
The Attack
Orion Protocol, a crypto trading venue, was the victim of a reentrancy attack in which an attacker drained millions of dollars worth of cryptocurrency. The attacker deployed a fake token called ATK which was used to manipulate the Orion pools and utilized a self-destructing smart contract.
The Losses
Initial estimates placed losses at $2.8 million on Orion’s Ethereum implementation and $200,000 on its BSC implementation. A wallet identified as the attacker’s began passing ether tokens through privacy mixer Tornado Cash shortly after the event.
CEO’s Statement
Orion Protocol CEO Alexey Koloskov said that “all funds are safe and secure” in a tweet thread following the attack. He stated that they believe the issue was not caused by any shortcomings in their core protocol code but rather might have been caused by vulnerability in mixing third-party libraries in one of their smart contracts used by their experimental and private brokers.
Price Impact
The price of Orion’s native token ORN is little changed following the apparent attack, up nearly 14% in the last 24 hours to $1.03.
Conclusion
Overall, it appears that while there were significant losses incurred from this exploit, all funds remain secure as per statements from CEO Alexey Koloskov and there has been minimal impact on ORN pricing so far due to this incident