Orion Lost About $3 Million In Re-entrancy Attack And Hackers Are Removing Traces
Cryptocurrency trading protocol Orion lost $3 million in a Re-entrancy attack. The stolen funds are being transferred to the crypto mixer to remove traces. Currently, hackers are looking for a way to remove traces through the Tornado Cash crypto mixer.
According to findings from crypto security firm Peckshield Inc., the Orion protocol was hacked due to a re-login issue in its core contract. Hacking is possible due to inadequate re-login protection: the function swapThroughOrionPool allows a user-provided swap path with manually generated tokens whose transfers can be hijacked to re-enter the DepositAsset function to increase the user’s balance calculation without actually losing money. a fake token called ATK that was used to manipulate Orion groups. It uses a self-destructing smart contract.