{"id":295451,"date":"2023-02-03T13:10:32","date_gmt":"2023-02-03T13:10:32","guid":{"rendered":"https:\/\/cryptoslate.com\/?p=295451"},"modified":"2023-02-03T13:06:00","modified_gmt":"2023-02-03T13:06:00","slug":"orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities","status":"publish","type":"post","link":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/","title":{"rendered":"Orion protocol suffers $3M hack due to third-party vulnerabilities"},"content":{"rendered":"<p>Decentralized exchange platform <a href=\"https:\/\/cryptoslate.com\/coins\/orion-protocol\/\">Orion Protocol<\/a> has suffered a $3 million hack due to reentrancy issues from third-party libraries.<\/p>\n<p>Orion protocol was designed to enable users to access liquidity pools across centralized and decentralized exchanges right from their non-custodial wallet.<\/p>\n<p>However, an incomplete reentrancy issue caused the protocol to be hijacked by a hacker who stole about $3 million, securities firm <a href=\"https:\/\/twitter.com\/peckshield\/status\/1621337925228306433?s=20&t=3_huxGh_6RKWAbiw077DzQ\">Peckshield<\/a> reported on Jan. 3.<\/p>\n<p>The hacker repeatedly called the &#8220;depositAsset&#8221; function which exposed the contract to the exploit. It started with initial funding of 0.4BNB from Tornado Cash to Orion, and another 0.4ETH via SimpleSwap.<\/p>\n<p>The hacker moved to withdraw about 1100 ETH via Tornado Cash and locked up some 657 ETH in his <a href=\"https:\/\/etherscan.io\/address\/0x3dabf5e36df28f6064a7c5638d0c4e01539e35f1\">wallet address.<\/a><\/p>\n<p>Orion Protocol CEO Alexey Koloskov confirmed the hack in a <a href=\"https:\/\/twitter.com\/alexeykoloskov\/status\/1621269256401731591?s=20&t=oIA8Mv3AkaYDT5-XjHPpUw\">Twitter thread,<\/a> stating that the hack was caused by a <a href=\"https:\/\/twitter.com\/alexeykoloskov\/status\/1621269268959477763?s=20&t=oIA8Mv3AkaYDT5-XjHPpUw\">vulnerability<\/a> in third-party libraries used during Orion's development.<\/p>\n<p>However, Koloskov claimed that the stolen funds were from Orion's Treasury, adding that all users' funds are safe.<\/p>\n<blockquote><p>&#8220;We want to reassure our users that no user experienced any loss during this incident. The assets at risk were in internal broker's accounts run by ourselves-the Orion team.&#8221;<\/p><\/blockquote>\n<p>To avert potential vulnerabilities from third-party libraries, Koloskov said that the Orion team will prioritize developing all its contracts in-house.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Decentralized exchange platform Orion Protocol has suffered a $3 million hack due to reentrancy issues from third-party libraries. Orion protocol was designed to enable users to access liquidity pools across centralized and decentralized exchanges right from their non-custodial wallet. However, an incomplete reentrancy issue caused the protocol to be hijacked by a hacker who stole [&hellip;]<\/p>\n","protected":false},"author":1378,"featured_media":295481,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16041],"tags":[],"post_folder":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.9 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Orion protocol suffers $3M hack due to third-party vulnerabilities<\/title>\n<meta name=\"description\" content=\"CEO Alexey Koloskov claimed that the stolen funds were from Orion&#039;s Treasury, adding that all users&#039; funds are safe.\u00a0\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Orion protocol suffers $3M hack due to third-party vulnerabilities\" \/>\n<meta property=\"og:description\" content=\"CEO Alexey Koloskov claimed that the stolen funds were from Orion&#039;s Treasury, adding that all users&#039; funds are safe.\u00a0\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\" \/>\n<meta property=\"og:site_name\" content=\"CryptoSlate\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-03T13:10:32+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-03T13:06:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2023\/02\/image_2023-02-03_180547492.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Christian Nwobodo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cryptoslate\" \/>\n<meta name=\"twitter:site\" content=\"@cryptoslate\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Christian Nwobodo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\"},\"author\":{\"name\":\"Christian Nwobodo\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/587b303452d5bdb2285937c263e623dd\"},\"headline\":\"Orion protocol suffers $3M hack due to third-party vulnerabilities\",\"datePublished\":\"2023-02-03T13:10:32+00:00\",\"dateModified\":\"2023-02-03T13:06:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\"},\"wordCount\":219,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"articleSection\":[\"Hacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#respond\"]}],\"copyrightYear\":\"2023\",\"copyrightHolder\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\",\"url\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\",\"name\":\"Orion protocol suffers $3M hack due to third-party vulnerabilities\",\"isPartOf\":{\"@id\":\"https:\/\/cryptoslate.com\/#website\"},\"datePublished\":\"2023-02-03T13:10:32+00:00\",\"dateModified\":\"2023-02-03T13:06:00+00:00\",\"description\":\"CEO Alexey Koloskov claimed that the stolen funds were from Orion's Treasury, adding that all users' funds are safe.\u00a0\",\"breadcrumb\":{\"@id\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/cryptoslate.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Orion protocol suffers $3M hack due to third-party vulnerabilities\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/cryptoslate.com\/#website\",\"url\":\"https:\/\/cryptoslate.com\/\",\"name\":\"CryptoSlate\",\"description\":\"Cryptocurrency News and Real-time Coin Data\",\"publisher\":{\"@id\":\"https:\/\/cryptoslate.com\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":[\"Organization\",\"NewsMediaOrganization\"],\"@id\":\"https:\/\/cryptoslate.com\/#organization\",\"name\":\"CryptoSlate\",\"url\":\"https:\/\/cryptoslate.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg\",\"width\":1000,\"height\":1000,\"caption\":\"CryptoSlate\"},\"image\":{\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/twitter.com\/cryptoslate\",\"https:\/\/www.instagram.com\/cryptoslate\",\"https:\/\/www.linkedin.com\/company\/cryptoslate\",\"https:\/\/www.youtube.com\/c\/cryptoslate\",\"https:\/\/cryptoslate.substack.com\",\"https:\/\/t.me\/cryptoslatenews\",\"https:\/\/www.tiktok.com\/@cryptoslatenews\"],\"publishingPrinciples\":\"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles\",\"ownershipFundingInfo\":\"https:\/\/cryptoslate.com\/disclaimers\/how-cryptoslate-makes-and-spends-money\/\",\"actionableFeedbackPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"correctionsPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"ethicsPolicy\":\"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles\",\"foundingDate\":\"2017-08-04\",\"founder\":[{\"@type\":\"Person\",\"name\":\"Nate Whitehill\"},{\"@type\":\"Person\",\"name\":\"Matthew Blancarte\"}],\"contactPoint\":[{\"@type\":\"ContactPoint\",\"contactType\":\"customer support\",\"url\":\"https:\/\/cryptoslate.com\/contact\/\",\"availableLanguage\":\"en-US\"},{\"@type\":\"ContactPoint\",\"contactType\":\"sales\",\"url\":\"https:\/\/cryptoslate.com\/advertising\/\",\"availableLanguage\":\"en-US\"},{\"@type\":\"ContactPoint\",\"contactType\":\"newsroom\",\"url\":\"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback\",\"email\":\"tips@cryptoslate.com\",\"availableLanguage\":\"en-US\"}],\"masthead\":\"https:\/\/cryptoslate.com\/about\/#masthead\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/587b303452d5bdb2285937c263e623dd\",\"name\":\"Christian Nwobodo\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2022\/12\/chriscen-author-150x150.jpg\",\"contentUrl\":\"https:\/\/cryptoslate.com\/wp-content\/uploads\/2022\/12\/chriscen-author-150x150.jpg\",\"caption\":\"Christian Nwobodo\"},\"description\":\"Christian is a crypto-curious nerd who loves to investigate how protocols work under the hood. Christian is interested in DeFi protocol research, token economics, and on-chain analytics.\",\"url\":\"https:\/\/cryptoslate.com\/author\/christian-nwobodo\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Orion protocol suffers $3M hack due to third-party vulnerabilities","description":"CEO Alexey Koloskov claimed that the stolen funds were from Orion's Treasury, adding that all users' funds are safe.\u00a0","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/","og_locale":"en_US","og_type":"article","og_title":"Orion protocol suffers $3M hack due to third-party vulnerabilities","og_description":"CEO Alexey Koloskov claimed that the stolen funds were from Orion's Treasury, adding that all users' funds are safe.\u00a0","og_url":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/","og_site_name":"CryptoSlate","article_published_time":"2023-02-03T13:10:32+00:00","article_modified_time":"2023-02-03T13:06:00+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2023\/02\/image_2023-02-03_180547492.png","type":"image\/png"}],"author":"Christian Nwobodo","twitter_card":"summary_large_image","twitter_creator":"@cryptoslate","twitter_site":"@cryptoslate","twitter_misc":{"Written by":"Christian Nwobodo","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#article","isPartOf":{"@id":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/"},"author":{"name":"Christian Nwobodo","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/587b303452d5bdb2285937c263e623dd"},"headline":"Orion protocol suffers $3M hack due to third-party vulnerabilities","datePublished":"2023-02-03T13:10:32+00:00","dateModified":"2023-02-03T13:06:00+00:00","mainEntityOfPage":{"@id":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/"},"wordCount":219,"commentCount":0,"publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"articleSection":["Hacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#respond"]}],"copyrightYear":"2023","copyrightHolder":{"@id":"https:\/\/cryptoslate.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/","url":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/","name":"Orion protocol suffers $3M hack due to third-party vulnerabilities","isPartOf":{"@id":"https:\/\/cryptoslate.com\/#website"},"datePublished":"2023-02-03T13:10:32+00:00","dateModified":"2023-02-03T13:06:00+00:00","description":"CEO Alexey Koloskov claimed that the stolen funds were from Orion's Treasury, adding that all users' funds are safe.\u00a0","breadcrumb":{"@id":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/cryptoslate.com\/orion-protocol-suffers-3m-hack-due-to-third-party-vulnerabilities\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cryptoslate.com\/"},{"@type":"ListItem","position":2,"name":"Orion protocol suffers $3M hack due to third-party vulnerabilities"}]},{"@type":"WebSite","@id":"https:\/\/cryptoslate.com\/#website","url":"https:\/\/cryptoslate.com\/","name":"CryptoSlate","description":"Cryptocurrency News and Real-time Coin Data","publisher":{"@id":"https:\/\/cryptoslate.com\/#organization"},"inLanguage":"en-US"},{"@type":["Organization","NewsMediaOrganization"],"@id":"https:\/\/cryptoslate.com\/#organization","name":"CryptoSlate","url":"https:\/\/cryptoslate.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2018\/05\/c-logo.jpg","width":1000,"height":1000,"caption":"CryptoSlate"},"image":{"@id":"https:\/\/cryptoslate.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/twitter.com\/cryptoslate","https:\/\/www.instagram.com\/cryptoslate","https:\/\/www.linkedin.com\/company\/cryptoslate","https:\/\/www.youtube.com\/c\/cryptoslate","https:\/\/cryptoslate.substack.com","https:\/\/t.me\/cryptoslatenews","https:\/\/www.tiktok.com\/@cryptoslatenews"],"publishingPrinciples":"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles","ownershipFundingInfo":"https:\/\/cryptoslate.com\/disclaimers\/how-cryptoslate-makes-and-spends-money\/","actionableFeedbackPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","correctionsPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","ethicsPolicy":"https:\/\/cryptoslate.com\/editorial-policy\/#editorial-principles","foundingDate":"2017-08-04","founder":[{"@type":"Person","name":"Nate Whitehill"},{"@type":"Person","name":"Matthew Blancarte"}],"contactPoint":[{"@type":"ContactPoint","contactType":"customer support","url":"https:\/\/cryptoslate.com\/contact\/","availableLanguage":"en-US"},{"@type":"ContactPoint","contactType":"sales","url":"https:\/\/cryptoslate.com\/advertising\/","availableLanguage":"en-US"},{"@type":"ContactPoint","contactType":"newsroom","url":"https:\/\/cryptoslate.com\/editorial-policy\/#corrections-feedback","email":"tips@cryptoslate.com","availableLanguage":"en-US"}],"masthead":"https:\/\/cryptoslate.com\/about\/#masthead"},{"@type":"Person","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/587b303452d5bdb2285937c263e623dd","name":"Christian Nwobodo","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cryptoslate.com\/#\/schema\/person\/image\/","url":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2022\/12\/chriscen-author-150x150.jpg","contentUrl":"https:\/\/cryptoslate.com\/wp-content\/uploads\/2022\/12\/chriscen-author-150x150.jpg","caption":"Christian Nwobodo"},"description":"Christian is a crypto-curious nerd who loves to investigate how protocols work under the hood. Christian is interested in DeFi protocol research, token economics, and on-chain analytics.","url":"https:\/\/cryptoslate.com\/author\/christian-nwobodo\/"}]}},"_links":{"self":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/295451"}],"collection":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/users\/1378"}],"replies":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/comments?post=295451"}],"version-history":[{"count":1,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/295451\/revisions"}],"predecessor-version":[{"id":295476,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/posts\/295451\/revisions\/295476"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media\/295481"}],"wp:attachment":[{"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/media?parent=295451"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/categories?post=295451"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/tags?post=295451"},{"taxonomy":"post_folder","embeddable":true,"href":"https:\/\/cryptoslate.com\/wp-json\/wp\/v2\/post_folder?post=295451"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}