Bankless Times
Orion Hacker Steals $3M, Wants to Give It Back
HomeNewsOrion Hacker Steals $3M, Wants to Give It Back

Orion Hacker Steals $3M, Wants to Give It Back

Daniela Kirova
Daniela Kirova
February 9th, 2023
Why trust us
Advertiser Disclosure
  • The hacker created a fake token and deposited it artificially to manipulate a flash-loaned stablecoin exchange
  • Attack happened because of a weakness in mixing third-party libraries

The hacker who stole ether worth $3 million from the Orion Protocol wants to give the money back, Crypto News wrote, reposting a screenshot originally posted by blockchain sleuth Peckshield. The tweet shows the attacker’s address and a statement that he is ready to give a refund. The attacker asked for a wallet address, most likely to deposit the stolen funds.

The hacker’s change of heart remains a mystery. Moreover, it’s unclear whether he’ll return all the money or only some of it.

Flash loan was used to perpetrate attack

The hacker created ATK, a fake token, and deposited it artificially to manipulate a flash-loaned stablecoin exchange. The balance rapidly gained value, reaching $3 million, when the attacker withdrew it.

After a blockchain analysis, it was estimated that Orion lost $2.8 million for the Ethereum implementation and $200,000 for the Binance Smart Chain one. The attacker ran the stolen ether through Tornado Cash shortly after the incident.

No Orion users lost funds

Orion CEO Alexey Koloskov assured users via Twitter that the protocol’s codes weren’t to blame for the exploit. He explained that it happened because of a weakness in mixing third-party libraries. This occurred in one of Orion’s private brokers’ smart contracts.

According to Koloskov, only this broker’s account bore the consequences of the attack. No customer funds were lost.

To avoid similar events in the future, Orion Protocol has decided to stop using external developers for its smart contracts. The broker, who hasn’t been identified, should be relieved by the news that the attacker wants to return the money.

The latest DeFi attack

The Orion attack is the latest in a series of highly publicized DeFi exploits that have taken place this year. LendHub lost $6 million in an exploit on Jan. 12, and Midas Capital and Thoreum Finance were targeted as well.

Contributors

Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.