DeFi Protocol Origin Lost Nearly $7 Million In a Major Exploit

Following Value DeFi’s flash loan attack, Origin Protocol has become the latest decentralized finance (DeFi) protocol to suffer an exploit. This exploit also occurred through a flash loan of Ether. In this exploit, the protocol lost $7 million worth of funds. This time the attacker did not return any funds back to the protocol. Reportedly, the native digital token of Origin OUSD was attacked and drained out by hackers.

A Flash Loan was used by the attacker

Reportedly, the attacker used a flash loan to conduct this exploit. A flash loan of around 70,000 ETH was taken out by the attacker from a major decentralized exchange (DEX) dYdX. The attacker, then, exchanged this flash loan into two stablecoins DAI and Tether (USDT) in a swap on the top-ranked decentralized exchange Uniswap.

Extra OUSD coins were minted with Tether by rebasing the contract of Origin. While analyzing the attack in further detail,  the cryptocurrency researcher Frank Topbottom said that a “transferFrom()” function was there in the contract that was used by the attacker due to which he was able to make use of it as a token.

While providing an update on the attack, the Co-Founder of Origin Matthew Liu said:

“The attacker exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake ‘stablecoin’ under their control. This ‘stablecoin’ was then called ‘transferFrom’ on by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.”

Attacker drained $7 million

The attacker was able to drain nearly $7 million in Ether and DAI. An amount of 7,137 ETH and 2.25 million worth of DAI tokens were stolen. Not only users’ funds were involved in these exploited funds but $1 million worth of deposits made by the employees and founders of Origin were also present in it.

Liu has warned users not to purchase any OUSD coin on Sushiswap or Uniswap. He also said that they would be taking some measures in a bid to retrieve these stolen funds.

All trademarks, logos, and images displayed on this site belong to their respective owners and have been utilized under the Fair Use Act. The materials on this site should not be interpreted as financial advice. When we incorporate content from other sites, we ensure each author receives proper attribution by providing a link to the original content. This site might maintain financial affiliations with a selection of the brands and firms mentioned herein. As a result, we may receive compensation if our readers opt to click on these links within our content and subsequently register for the products or services on offer. However, we neither represent nor endorse these services, brands, or companies. Therefore, any disputes that may arise with the mentioned brands or companies need to be directly addressed with the respective parties involved. We urge our readers to exercise their own judgement when clicking on links within our content and ultimately signing up for any products or services. The responsibility lies solely with them. Please read our full disclaimer and terms of use policy here.

Leave a Reply

Your email address will not be published. Required fields are marked *