Orion Protocol Loses $3 M to Exploit: Postmortem Reveals Insight

• Orion Protocol lost $3 million to a trading pool exploit
• The hacker used a fake token and flash loans to steal funds
• Postmortem reveals the attack involved artificially depositing assets twice

Orion Protocol Loses $3 Million in Latest DeFi Hack

Last week, liquidity aggregator for centralized and decentralized exchanges, Orion Protocol, suffered one of DeFi’s biggest hacks of the year. The hacker stole $3 million from Orion Protocol’s liquidity pool by creating a fake token and using flash loans and a reentrancy hook.

How was the Attack Carried Out?

Over the weekend, an on-chain postmortem conducted on Orion Protocol revealed that the attacker created a fake token (AKT), manipulated swaps of flash-loaned stablecoins, and artificially deposited the assets twice to withdraw $3 million.

Were Users Affected?

Orion Protocol CEO Alexey Koloskov explained that only an internal broker account was affected, and users‘ accounts remain safe. He said the exploit was caused by a „vulnerability in mixing third-party libraries in one of the smart contracts used by our experimental and private brokers.“ On-chain data shows the hacker has moved most of the funds to Tornado Cash. However, approximately $1 million worth of ETH remains in their Ethereum address.

What Was Recovered?

At this time it is unclear what amount if any had been recovered from the hackers’ address. It appears that most of it had already been mixed into other wallets making it difficult to trace or recover any stolen funds at this time.


The latest hack against Orion Protocol serves as yet another reminder as to why security is so important when dealing with cryptoassets or protocols like DeFi. While it is unclear how much will be recovered at this time, users should always practice caution when engaging with any financial product regardless if its centralized or decentralized.