Decentralized trade platform Orion Protocol has suffered a $3 million hack as a result of reentrancy points from third-party libraries.
Orion protocol was designed to allow customers to entry liquidity swimming pools throughout centralized and decentralized exchanges proper from their non-custodial pockets.
Nevertheless, an incomplete reentrancy situation triggered the protocol to be hijacked by a hacker who stole about $3 million, securities agency Peckshield reported on Jan. 3.
The hacker repeatedly known as the “depositAsset” perform which uncovered the contract to the exploit. It began with preliminary funding of 0.4BNB from Twister Money to Orion, and one other 0.4ETH by way of SimpleSwap.
The hacker moved to withdraw about 1100 ETH by way of Twister Money and locked up some 657 ETH in his pockets tackle.
Orion Protocol CEO Alexey Koloskov confirmed the hack in a Twitter thread, stating that the hack was brought on by a vulnerability in third-party libraries used throughout Orion’s growth.
Nevertheless, Koloskov claimed that the stolen funds have been from Orion’s Treasury, including that every one customers’ funds are secure.
“We need to reassure our customers that no person skilled any loss throughout this incident. The property in danger have been in inner dealer’s accounts run by ourselves-the Orion workforce.”
To avert potential vulnerabilities from third-party libraries, Koloskov stated that the Orion workforce will prioritize creating all its contracts in-house.
