BlocksInform
Orion – an aggregator of liquidity for the cefi and defi exchanges – had its basic contract hacked on Thursday through its ethereum and BINANCE smart chains (bsc) deployments.
The hacker earned more than 1700eth, totaling more than 3 million dollars at the time of writing.
Orion Protocol, an aggregator of liquidity for CeFi and Challenge exchanges, saw its main contract hacked on Thursday on its Ethereum and Binance Smart Chains (BSC) deployments.
As explained by the blockchain security company PeckShield on Twitter, Thursday’s hack was made possible “due to incomplete reentrancy protection.” A Reentrancy Hack again.
Peckshield clarified that the swapthroughorionpool feature allows anyone with manufactured tokens to divert their transfer into the deposit asset return feature. This allows users to increase their balance without any real COF.
In this case, the pirate used a newly built token called atk, and an intelligent self-destructive contract, to manipulate Orion's pools.
4/ The hack is started first on BSC w/ initial fund 0.4 BNB from @TornadoCash. The ETH hack draws initial fund 0.4 ETH from @SimpleSwap_io. After hack, the gain of 1100 ETH is deposited into @TornadoCash and other 657 ETH stays in the hacker’s account: https://t.co/wGG6RA0qii pic.twitter.com/lRj9HGEgQc
— PeckShield Inc. (@peckshield) After hack, the 1100 ETH win is deposited in @TornadoCash and other 657 ETH remains in the hacker's account: https://t. co/wG6RA0qii.
Alexey Koloskov, CEO of Orion, published a thread explaining the exploit shortly after it occurred.
We have reason to believe that the issue was not a result of shortcomings in our core protocol code.
Instead could have been caused by a vulnerability to shuffle third-party libraries into one of the smart contracts used by our experimental and private brokers," he said. Koloskov noted that the contract operated was not of major importance to the audience.
Was primarily used by one of his experimental brokers with the company's treasure.
Koloskov noted that the contract operated was not of major importance to the audience.
Money stolen through DeFi hacks is growing over time: In 2022, $3.8 billion was stolen, with $1.7 billion in crypto taken by North Korean hackers alone.
Much of that money was taken by the North Korean Lazarus Group, which is suspected to have executed the $100 million Harmony bridge hack in June.
In 2022, $3.8B was stolen, including $1.7B in cryptography by North Korean hackers.
Much of this money was taken by the North Korean group lazarus, who are suspected of having hacked the $100 million Harmony Bridge in June. Much of the BNB was quickly whisked away to other chains in the aftermath.
