On Thursday, Orion Protocol, a lesser-known decentralized exchange platform, was hit by a major security breach. The attacker got away with a total of $3 million in project assets locked in its smart contracts on Ethereum and BNB Chain.
According to security firm PeckShield, the exploit was carried out using a reentrancy technique.
This type of vulnerability in a smart contract occurs when an attacker repeatedly calls a function and extracts assets before the contract updates its internal state. This can result from a bug in the smart contract or from inadequate security measures.
Orion Protocol acknowledged the hack and temporarily paused its deposit function. The CEO of the company, Alexey Koloskov, stated that no user funds were lost and only the company’s funds were taken. He reassured users that their funds were safe and secure.
Koloskov also mentioned that the vulnerability may have been introduced as a result of the development team’s use of third-party software libraries to write the smart contracts.
Moving forward, the company will rely on in-house developers to write their contracts to prevent similar incidents from occurring in the future.