The OUSD stablecoin issuer, Origin Protocol is the latest Defi protocol to fall victim to a flash loan attack. The attack, which occurred in the early hours of Tuesday, on November 17, resulted in the disappearance of tokens worth millions of dollars. Confirming the attack, one of the project’s leaders say they are now working with exchanges in order to identify the attacker, as well as to freeze the tokens before they are liquidated.
Funds Located
The Origin Protocol attack follows a similar incident at Value Defi on November 14 where the criminals stole $6 million worth of tokens. Explaining the attack in a blog post, Origin Protocol Co-founder Matthew Liu insists the stolen funds have been traced to a wallet, which the team is monitoring.
He also reveals that the attacker “used both Tornado Cash and Renbtc to wash and move funds.” According to Liu, there is “still 7,137 ETH and 2.249M DAI sitting in one of the attacker’s wallets.”
Although the Origin Protocol team says it has made progress understanding the attack and tracking the flow of funds, it still warns:
We are continuing to work to try and recover the funds. If you are still providing liquidity on Sushiswap, we advise that you should remove your funds as soon as possible. We also strongly advise that you do not attempt to buy or sell OUSD at this time.
Following the attack, the value of the OUSD stablecoin plunged and traded at $0.15 per token on November 17. Before the price collapse, the stablecoin had consistently been trading at par with the USD.
Reentrancy Bug
Meanwhile, Liu goes on to give details of how the attackers were able to pull this off, even as the Origin Protocol team thought the contract was safe. According to Liu, the “attack was a reentrancy bug in our contract.” He admits that their contract is only safe from such bugs “unless one of our supported stablecoins was attacking us.”
After executing the attack, the criminals then “withdrew most of the stablecoins from OUSD.”
Liu’s statement adds:
They were then able to take extra OUSD after withdrawing and sell it on Uniswap and Sushiswap for USDT in subsequent transactions.
The Origin Protocol team says it will conduct a “thorough transaction by transaction analysis will be forthcoming.” The team is also pleading with the attacker(s) to return the stolen funds after demonstrating their “superior skills as hackers.”
What are your thoughts on this latest flash loan attack? Share your views in the comments section below.
The post Origin Defi Protocol Suffers Massive Flash Loan Attack- OUSD Stablecoin Value Plunges 85% appeared first on Bitcoin News.
via Terence Zimwara
0 comments:
Post a Comment