Connect with us

Hi, what are you looking for?



Another DeFi Protocol Loses $7 Million In Flash Loan Exploit



Malicious actors are increasingly leveraging flash loans to fund attacks on decentralized finance [DeFi] protocols. Another one is biting the dust. This time, the Origin Protocol’s yield-generating stablecoin protocol, OUSD, was attacked and drained by nearly $7 million, of which $1 million was deposited by the company’s founders and employees.

After tracing the movement of the funds, the Founder of Origin Protocol Matthew Liu revealed that the attacker used both Tornado Cash and renBTC to wash and move funds. Additionally, there was still 7,137 ETH and 2.249 million DAI sitting in one of the attacker’s wallets.

Nature of the Attack

The exec explained,

“The attack was a reentrancy bug in our contract. Unfortunately, our contract was safe from reentrancy bugs unless one of our supported stablecoins was attacking us.”

Reentrancy attacks are known to be the most devastating attacks when developing smart contracts. They are devastating for two reasons: they can completely drain a smart contract of its funds, and they can sneak their way into the code if the developers are not careful.

In the case of OUSD, the entity reportedly exploited a missing validation check in mint multiple (when minting OUSD with multiple stablecoins) to pass in a fake “stablecoin” under their control. This “stablecoin” was then called “transferFrom” on by the vault. This essentially allowed the attacker to exploit the contract with a “reentrancy attack” in the middle of the mint.

As a response to the attack, Liu reminded the users not to buy OUSD on Uniswap or Sushiswap as the current prices do not reflect OUSD’s underlying assets.

Here’s what prominent DeFi influencer Autism Capital had to say about the entire fiasco:



Em8HlxjXMAABsvO scaled


Of late, flash loans have become one of the most popular as well as powerful new liquidity mechanisms that have recently emerged in the decentralized finance [DeFi] ecosystem.

Origin’s breach is the fifth major flash loan attack to hit the DeFi ecosystem in the past three weeks, after security breaches targeting platforms such as Harvest, Akropolis, Value, and CheeseBank. Additionally, it is the tenth DeFi platform to have been exploited in terms of year to date.


News Source


Trending Post


ChainLink is basically very exciting.  Users have to state that it stirs the imagination and passions of the community in ways that other projects...


Senseering offers an IOTA-based solution to create a marketplace for data that can be shared among partners. Senseering’s solution will be used in collaboration...


Cryptocurrency investment is becoming a common trend. In the fourth quarter of the year, when investments are said to start doing well, how are...


VeChain (VET), BTCMVMNT, and Team Zuby have joined forces to create a limited-edition merchandise collection dubbed “Take the Power Back.” The team says the...

Copyright © ELEVENEWS