Reentrancy Attack on Orion Protocol Leads to $3 Million Loss

February 2, 2023

Summary #

On February 2, 2023, Orion Protocol, a decentralized blockchain platform that aggregates liquidity across both centralized and decentralized exchanges, fell victim to a sophisticated smart contract exploit. The attacker manipulated a reentrancy vulnerability within the protocol’s core smart contracts, which enabled them to divert approximately $3 million in tokens across the Ethereum and Binance Smart Chain networks.

Attackers #

The identity of the attacker is unknown. Two addresses were primarily involved in the attack:

erc20:

bep20:

Fake Token addresses:

erc20: 0x64acd987a8603eeaf1ee8e87addd512908599aec
bep20: 0xc4da120a4acf413f9af623a2b9e0a9878b6a0afe

Losses #

$3 million

erc20: 1,651 ETH (~$2,836,206)
bep20: $191,434

Timeline #

February 2, 2023: The attackers started by depositing 0.5 USDC into contracts and initiating a flash loan.
February 2, 2023: Using a false token and a series of swaps, the attackers executed the reentrancy exploit to manipulate the contract’s balance calculation, ultimately siphoning off approximately $3 million.
February 2, 2023: The attackers proceeded to launder their stolen assets through multiple transactions, including funneling approximately 1100 ETH into Tornado Cash.

source

Security Failure Causes #

Reentrancy Vulnerability: The vulnerability was within the Orion Protocol’s smart contracts, particularly in the _doSwapTokens function. This reentrancy vulnerability led to a miscalculation of the user’s USDT balance.

Market Health Metrics API

Benford's Law

Volume distribution analysis

Time-of-Trade

Buy/Sell Ratio

VWAP

Attack Types

Entity Types

Target Entities

51% Attacks

Custodian Attacks

Flash Loan Attacks

Lockout Scams

Phishing Attacks

Reentrancy Attacks

Rug Pull Scam