[ad_1]
OUSD stablecoin issuer, Origin Protocol is the latest Defi protocol to fall victim to a flash lending attack. The attack, which took place in the early hours of Tuesday, November 17, resulted in the disappearance of tokens worth millions of dollars. Confirming the attack, one of the leaders of the project says they are now working with exchanges to identify the attacker and freeze the tokens before they are liquidated.
Funds identified
The origin protocol attack follows a Value Defi-like incident on November 14 in which criminals stole $ 6 million worth tokens. Explaining the attack in a blog post, origin protocol cofounder Matthew Liu insists that the stolen funds were traced to a wallet, which the team is tracking.
He also reveals that the attacker “used both Tornado Cash and Renbtc to wash and move funds”. According to Liu, there are “still 7,137 ETH and 2,249 million DAI in one of the attacker’s wallets”.
Although the Origin Protocol team claims to have made progress in understanding the attack and monitoring the flow of funds, it still warns:
We are continuing to work to try to recover the funds. If you are still providing liquidity on Sushiswap, we recommend that you remove your funds as soon as possible. We also strongly recommend that you do not attempt to buy or sell OUSD at this time.
After the attack, the value of the OUSD stablecoin plummeted on November 17 and traded at $ 0.15 per token. Before the price crash, the stablecoin had been consistently trading at par with the USD.
Reentrancy Bug
Meanwhile, Liu continues to provide details on how the attackers managed to pull it off, even though the Origin Protocol team thought the contract was secure. According to Liu, “the attack was an indentation bug in our contract”. He admits their contract is safe from such bugs “unless one of our supported stablecoins is attacking us”.
After carrying out the attack, the criminals then “withdrew most of the stablecoins from OUSD”.
Liu’s statement adds:
They were then able to take extra OUSD after withdrawal and sell it on Uniswap and Sushiswap for USDT in subsequent transactions.
The origin protocol team says it will conduct “a thorough transaction-by-transaction analysis”. The team is also pleading with the attackers to return the stolen funds after demonstrating their “superior skills as a hacker”.
What are your thoughts on this latest flash loan attack? Share your views in the comments section below.
Image credits: Shutterstock, Pixabay, Wiki Commons
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, nor a recommendation or endorsement of products, services or companies. Bitcoin.com does not provide investment, tax, legal or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or allegedly caused by or in connection with the use or reliance on any content, goods or services mentioned in this article.
[ad_2]Source link
