Orion Protocol exploiter willing to return stolen funds
The attacker who recently made off with $3m worth of ethereum (ETH) from the Orion Protocol has had a change of heart and is reportedly willing to return the stolen funds.
Blockchain security and data analytics company PeckShield Inc. tweeted a screenshot of the Orion Protocol exploiter’s address, in which the attacker wrote they were ready to refund the money. The attacker also asked Orion to leave a wallet address, presumably where they would deposit the stolen money.
Hacker used re-entrancy attack to steal funds
The hacker has yet to give a reason for the change of heart and has not stated whether he will return all the funds he stole or part of them.
A postmortem on the decentralized finance (DeFi) protocol revealed that the attacker created a fake token called ATK and then manipulated flash-loaned stablecoin swaps while artificially depositing the fake ATK token. The attacker then withdrew the inflated balance, amounting to $3m.
An on-chain analysis of the attack estimated the losses at $2.8m for Orion’s ETH implementation and $200,000 for its Binance Smart Chain (BSC) implementation. Shortly after the attack, a wallet identified as the exploiter’s passed ETH tokens through the sanctioned privacy mixer Tornado Cash.
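For readers who want to see why a re-entrant deposit inflates a balance, here is a toy Python model of that class of bug beside its guarded form. It is an added illustration, not Orion's contract code or material from the postmortem; the pool, its balance-difference accounting, the lock flag and all figures are assumptions.

```python
# Toy model with constructed figures; not Orion's contract code.
class Token:
    def __init__(self, balances, hook=None):
        self.balances = dict(balances)
        self.hook = hook  # an untrusted token can run its own code on transfer

    def transfer(self, src, dst, amount):
        if self.hook:
            self.hook()
        if self.balances.get(src, 0) < amount:
            raise ValueError("insufficient balance")
        self.balances[src] -= amount
        self.balances[dst] = self.balances.get(dst, 0) + amount

class Pool:
    def __init__(self, stable, guarded):
        self.stable, self.guarded = stable, guarded
        self.locked, self.credit = False, {}

    def _enter(self):
        # With the guard on, a nested call into the pool is refused.
        if self.guarded and self.locked:
            raise RuntimeError("reentrant call rejected")
        self.locked = True

    def deposit(self, user, amount):
        self._enter()
        self.stable.transfer(user, "pool", amount)
        self.credit[user] = self.credit.get(user, 0) + amount
        self.locked = False

    def swap(self, user, token, amount):
        # Assumed design: swap proceeds are credited by balance difference.
        self._enter()
        try:
            before = self.stable.balances.get("pool", 0)
            token.transfer(user, "pool", amount)  # external call
            gained = self.stable.balances.get("pool", 0) - before
            self.credit[user] = self.credit.get(user, 0) + gained
        finally:
            self.locked = False

def credited(guarded):
    stable = Token({"pool": 1000, "user": 100})
    pool = Pool(stable, guarded)
    fake = Token({"user": 1}, hook=lambda: pool.deposit("user", 100))
    try:
        pool.swap("user", fake, 1)
    except RuntimeError:
        pass  # on-chain, the whole transaction would revert
    return pool.credit.get("user", 0)
```

Without the lock, the 100 units deposited during the fake token's transfer are counted once by the deposit and again as swap proceeds; with the lock, the nested deposit is refused and nothing is credited.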
Orion’s CEO says users were unaffected by the attack
Following the attack, Orion Protocol CEO Alexey Koloskov took to Twitter to explain that the exploit was not caused by a flaw in any of the protocol’s core code. In his words, the attack was made possible by a vulnerability in mixing third-party libraries in the smart contracts of one of Orion’s experimental and private brokers.
Koloskov also assured users that the exploit was limited to the broker’s account and that other customers’ funds had not been compromised.
Following this attack, Orion Protocol has reportedly decided to develop all its smart contracts in-house to avoid similar attacks in the future.
The news of the exploiter’s willingness to refund the money should relieve the Orion broker, whose identity has not been made public. The Orion exploit was the latest in a string of high-profile DeFi attacks since the beginning of the year. On Jan. 12, the LendHub DeFi protocol lost $6m to hackers, while Thoreum Finance and Midas Capital were also targeted.