• Binance CEO, Changpeng Zhao, confirmed that no Binance users or assets were affected by the Orion Protocol (ORN) $3 million hack.
• Peckshield cybersecurity firm identified the hack and sent a full report to Orion Protocol before making a public announcement.
• The hacker launched a reentrancy attack on Orion and withdrew funds from a smart contract severally.
No Losses for Binance Users
Binance CEO, Changpeng Zhao, said that no Binance users or assets were affected by the Orion Protocol (ORN) $3 million hack. He tweeted that the Orion Protocol (ORN) hack was due to a lack of re-login protection and led to the loss of approximately $3M. However, all Binance users and assets were safe from the hack. He further said that the Binance security team monitors the hackers‘ addresses.
Peckshield Cybersecurity Firm Identifies Hack
PeckShield cybersecurity firm identified the hack, developed a full report from their observation, and sent it to Orion Protocol before making a public announcement on Twitter. The hacker launched a reentrancy attack on Orion and withdrew funds from a smart contract severally. Peckshiled announced that they paused the protocol by the announcement time.
Commitment to Promote DeFi
The tweet attracted a response from Surge DeFi, sympathizing with those who incurred losses in the incident and reinstating their commitment to promoting decentralized finance (DeFi) to avoid such incidents in the past. DeFi aims to increase safety of crypto investors by investing in less centralized protocols.
Root Cause Identified & Fixed
CEO of cybersecurity company Hypernative, Gal Sagie, said that the hacker deployed an adding Attack Wagon (ATK), which allowed him/her access multiple instances of smart contracts using only one account key without needing reauthorization for each instance accessed consecutively . The company assured Orion users that security team had positively identified root cause and was fixing bug..
Changpeng Zhao concluded his tweet saying “Stay #SAFU” as an advice for all crypto investors regarding secure asset fund utilization measures taken by exchanges like Binance against potential threats in cyberspace