{"id":919,"date":"2023-02-27T11:39:58","date_gmt":"2023-02-27T11:39:58","guid":{"rendered":"https:\/\/shellboxes.com\/blog\/?p=919"},"modified":"2023-03-30T13:35:47","modified_gmt":"2023-03-30T13:35:47","slug":"orion-protocol-hacked-due-to-protocols-smart-contract-vulnerability","status":"publish","type":"post","link":"https:\/\/shellboxes.com\/blog\/orion-protocol-hacked-due-to-protocols-smart-contract-vulnerability\/","title":{"rendered":"<strong>Orion Protocol Hacked Due to Protocol\u2019s Smart Contract Vulnerability<\/strong>"},"content":{"rendered":"\n<p>February 2023 started with the Orion Protocol cyberattack. The Orion Protocol is a DeFi platform that acts as a liquidity aggregator for centralized and decentralized exchanges. The platform was hacked due to a re-entrancy vulnerability in the protocol\u2019s smart contract, and attackers stole approximately $3 million.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Re-entrancy Vulnerability with Protocol\u2019s Smart Contract Led to Cyberattack<\/strong><\/h2>\n\n\n\n<p>In the Orion Protocol hack, the hacker exploited the re-entrancy vulnerability within the smart contract of the protocol. This flaw exists when a smart contract does not follow the checks-effects-interactions design pattern. In other words, the vulnerability arises when an attacker can repeatedly call a function and extract assets from it before the contract updates its internal state.<\/p>\n\n\n\n<p>In this attack, the hacker created a malicious contract defining a fake ATK token to manipulate the Orion pools. He deposited 0.5 USDC and took out a flash loan of 284700 USDT. After this, he swapped from USDC via ATK to USDT. The chain of swaps involved a call to the token transfer in the malicious contract, so he successfully exploited the re-entrancy vulnerability to increase the balance in the contract. 
As a result, he was able to withdraw about $3 million of stolen money as though it were a legitimate balance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Smart Contract Audit Can Protect from Re-entrancy Attacks<\/strong><\/h2>\n\n\n\n<p>Re-entrancy is the most common cause of smart contract hacks. DeFi projects usually include protection against re-entrancy attacks, but a potential loophole was overlooked in Orion.<\/p>\n\n\n\n<p>However, re-entrancy vulnerabilities can be identified through smart contract audits and bug bounty programs.<\/p>\n\n\n\n<p>Protect your project from smart contract hacks with smart contract audits. To learn more about protection against cyberattacks, contact our smart contract security experts at&nbsp;<a href=\"mailto:contact@shellboxes.com\">contact@shellboxes.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>February 2023 started with the Orion Protocol cyberattack. The Orion Protocol is a DeFi platform that acts as a liquidity&#8230;<\/p>\n","protected":false},"author":4,"featured_media":987,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","rank_math_lock_modified_date":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_ap_featured_post":false,"footnotes":""},"categories":[57,60],"tags":[],"class_list":["post-919","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blockchain","category-cybersecurity"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/posts\/919"}],"collection":[{"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/shellbox
es.com\/blog\/wp-json\/wp\/v2\/comments?post=919"}],"version-history":[{"count":1,"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/posts\/919\/revisions"}],"predecessor-version":[{"id":920,"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/posts\/919\/revisions\/920"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/media\/987"}],"wp:attachment":[{"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/media?parent=919"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/categories?post=919"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/shellboxes.com\/blog\/wp-json\/wp\/v2\/tags?post=919"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}