{"id":73571,"date":"2023-02-03T16:25:41","date_gmt":"2023-02-03T14:25:41","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=73571"},"modified":"2025-09-09T14:50:47","modified_gmt":"2025-09-09T11:50:47","slug":"defi-project-orion-protocol-hacked-for-3-million","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/defi-project-orion-protocol-hacked-for-3-million\/","title":{"rendered":"DeFi project Orion Protocol hacked for $3 million"},"content":{"rendered":"<p>An unknown attacker carried out an attack on the decentralised platform Orion Protocol, operating on Ethereum and BNB Chain. The hacker managed to obtain $3 million.<\/p>\n<p><!--more--><\/p>\n<blockquote class=\\\"twitter-tweet\\\">\n<p lang=\\\"en\\\" dir=\\\"ltr\\\">1\/ Again, a $3M lesson from the reentrancy bug! The <a href=\\\"https:\/\/twitter.com\/orion_protocol?ref_src=twsrc%5Etfw\\\">@orion_protocol<\/a> is hacked due to a reentrancy issue in its core contract: ExchangeWithOrionPool. Both eth\/bsc deployment are hacked. Here are the two related hack txs: <a href=\\\"https:\/\/t.co\/YvRIRq6T57\\\">https:\/\/t.co\/YvRIRq6T57<\/a><a href=\\\"https:\/\/t.co\/GbexocEZAo\\\">https:\/\/t.co\/GbexocEZAo<\/a> <a href=\\\"https:\/\/t.co\/lF13kbMkA8\\\">https:\/\/t.co\/lF13kbMkA8<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\\\"https:\/\/twitter.com\/peckshield\/status\/1621337925228306433?ref_src=twsrc%5Etfw\\\">February 3, 2023<\/a><\/p><\/blockquote>\n<p> <script async src=\\\"https:\/\/platform.twitter.com\/widgets.js\\\" charset=\\\"utf-8\\\"><\/script><\/p>\n<p>According to PeckShield researchers, a reentrancy attack was executed. The vulnerability arises when an attacker can repeatedly call a function and withdraw assets from a smart contract before the contract updates its internal state. 
Such incidents are possible when there are coding errors and weaknesses in the protocol\u2019s security architecture.<\/p>\n<p>The Orion Protocol team acknowledged the hack and suspended the deposit function.<\/p>\n<p>Project CEO Alexey Koloskov <a href=\\\"https:\/\/twitter.com\/alexeykoloskov\/status\/1621269283178160128\\\">emphasised<\/a> that users did not lose funds \u2014 only the company\u2019s assets were affected:<\/p>\n<blockquote class=\\\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\\\">\n<p>\u00abWe want to reassure our users that none of them suffered losses during this incident\u00bb.<\/p>\n<\/blockquote>\n<p>He added that the vulnerability could have arisen from the use of third-party libraries to write smart contracts. Going forward, according to Koloskov, the development team will rely more on in-house resources.<\/p>\n<p>Earlier, the Omni protocol <a href=\"https:\/\/u1f987.com\/en\/news\/hacker-siphons-off-about-1-5-million-from-the-omni-protocol\">lost $1.5 million<\/a> in a reentrancy attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An unknown attacker carried out an attack on the decentralised Orion Protocol 
platform.<\/p>\n","protected":false},"author":1,"featured_media":73572,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154],"class_list":["post-73571","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes"],"aioseo_notices":[],"amp_enabled":true,"views":"26","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/73571","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=73571"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/73571\/revisions"}],"predecessor-version":[{"id":73573,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/73571\/revisions\/73573"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/73572"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=73571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=73571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=73571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}