Orion Lost About $3 Million In Re-entrancy Attack And Hackers Are Removing Traces

Key Points:

  • Orion lost about $3 million in a reentrancy attack.
  • The cause of the attack was determined to be a re-login issue in its core contract.
  • Currently, hackers are looking for a way to remove traces through the Tornado Cash crypto mixer.
Cryptocurrency trading protocol Orion lost $3 million in a Re-entrancy attack. The stolen funds are being transferred to the crypto mixer to remove traces.
Orion Lost About $3 Million In Attack And Hackers Are Removing Traces Through Tornado Cash

According to findings from crypto security firm Peckshield Inc., the Orion protocol was hacked due to a re-login issue in its core contract.

In which the attacker continuously withdraws funds from a smart contract. Gal Sagie, CEO of cybersecurity firm Hypernative, said the attacker deployed a fake token called ATK that was used to manipulate Orion groups. It uses a self-destructing smart contract.

Hacking is possible due to inadequate re-login protection: the function swapThroughOrionPool allows a user-provided swap path with manually generated tokens whose transfers can be hijacked to re-enter the DepositAsset function to increase the user’s balance calculation without actually losing money.

Orion Lost About $3 Million In Attack And Hackers Are Removing Traces Through Tornado Cash

The hacking process is started first on BSC with an initial amount of 0.4 BNB from TornadoCash. ETH hack initially withdraws 0.4 ETH from SimpleSwap_io. After the hack, the earned amount of 1100 ETH is deposited into the TornadoCash crypto mixer, and another 657 ETH is in the hacker’s account.

Currently, the protocol’s Marketing Manager, Andrew Kirk, tells users that the protocol is looking at reports of this issue and has yet to find a solution.

Re-entrancy is a typical smart contract vulnerability. While it can exist in smart contracts on various blockchain platforms, it is most often associated with the Ethereum blockchain.

Orion Lost About $3 Million In Attack And Hackers Are Removing Traces Through Tornado Cash

Re-entrancy attacks are most well-known due to the 2016 DAO hack on the Ethereum blockchain. However, these vulnerabilities also have cropped up in multiple smart contract hacks, including several DeFi protocols.

This attacks are made possible by the use of a logical but insecure code pattern when performing transfers within Ethereum smart contracts.  The check-interaction-effects code pattern allows a malicious smart contract to execute the code in its fallback function and reenter a vulnerable function before it has the opportunity to update its internal state.

Re-entrancy vulnerabilities can be avoided by using the check-effects-interaction code pattern, where state updates are performed before the value transfer that they record. 

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News

Orion Lost About $3 Million In Re-entrancy Attack And Hackers Are Removing Traces

Key Points:

  • Orion lost about $3 million in a reentrancy attack.
  • The cause of the attack was determined to be a re-login issue in its core contract.
  • Currently, hackers are looking for a way to remove traces through the Tornado Cash crypto mixer.
Cryptocurrency trading protocol Orion lost $3 million in a Re-entrancy attack. The stolen funds are being transferred to the crypto mixer to remove traces.
Orion Lost About $3 Million In Attack And Hackers Are Removing Traces Through Tornado Cash

According to findings from crypto security firm Peckshield Inc., the Orion protocol was hacked due to a re-login issue in its core contract.

In which the attacker continuously withdraws funds from a smart contract. Gal Sagie, CEO of cybersecurity firm Hypernative, said the attacker deployed a fake token called ATK that was used to manipulate Orion groups. It uses a self-destructing smart contract.

Hacking is possible due to inadequate re-login protection: the function swapThroughOrionPool allows a user-provided swap path with manually generated tokens whose transfers can be hijacked to re-enter the DepositAsset function to increase the user’s balance calculation without actually losing money.

Orion Lost About $3 Million In Attack And Hackers Are Removing Traces Through Tornado Cash

The hacking process is started first on BSC with an initial amount of 0.4 BNB from TornadoCash. ETH hack initially withdraws 0.4 ETH from SimpleSwap_io. After the hack, the earned amount of 1100 ETH is deposited into the TornadoCash crypto mixer, and another 657 ETH is in the hacker’s account.

Currently, the protocol’s Marketing Manager, Andrew Kirk, tells users that the protocol is looking at reports of this issue and has yet to find a solution.

Re-entrancy is a typical smart contract vulnerability. While it can exist in smart contracts on various blockchain platforms, it is most often associated with the Ethereum blockchain.

Orion Lost About $3 Million In Attack And Hackers Are Removing Traces Through Tornado Cash

Re-entrancy attacks are most well-known due to the 2016 DAO hack on the Ethereum blockchain. However, these vulnerabilities also have cropped up in multiple smart contract hacks, including several DeFi protocols.

This attacks are made possible by the use of a logical but insecure code pattern when performing transfers within Ethereum smart contracts.  The check-interaction-effects code pattern allows a malicious smart contract to execute the code in its fallback function and reenter a vulnerable function before it has the opportunity to update its internal state.

Re-entrancy vulnerabilities can be avoided by using the check-effects-interaction code pattern, where state updates are performed before the value transfer that they record. 

DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.

Join us to keep track of news: https://linktr.ee/coincu

Foxy

Coincu News