Origin Protocol, the issuer of the OUSD stablecoin, is the latest DeFi protocol to fall victim to a flash loan attack. The attack, which occurred in the early hours of Tuesday, November 17, resulted in the disappearance of tokens worth millions of dollars. Confirming the attack, one of the project’s leaders says they are now working with exchanges to identify the attacker and to freeze the tokens before they are liquidated.
The Origin Protocol attack follows a similar incident at Value DeFi on November 14, where criminals stole $6 million worth of tokens. Explaining the attack in a blog post, Origin Protocol co-founder Matthew Liu insists the stolen funds have been traced to a wallet, which the team is monitoring.
Although the Origin Protocol team says it has made progress understanding the attack and tracking the flow of funds, it still warns:
We are continuing to work to try and recover the funds. If you are still providing liquidity on Sushiswap, we advise that you should remove your funds as soon as possible. We also strongly advise that you do not attempt to buy or sell OUSD at this time.
Following the attack, the value of the OUSD stablecoin plunged and traded at $0.15 per token on November 17. Before the price collapse, the stablecoin had consistently been trading at par with the USD.
Meanwhile, Liu goes on to give details of how the attackers were able to pull this off even though the Origin Protocol team thought the contract was safe. According to Liu, the “attack was a reentrancy bug in our contract.” He admits that their contract is safe from such bugs “unless one of our supported stablecoins was attacking us.”
After executing the attack, the criminals then “withdrew most of the stablecoins from OUSD.”
Liu’s statement adds:
They were then able to take extra OUSD after withdrawing and sell it on Uniswap and Sushiswap for USDT in subsequent transactions.
The Origin Protocol team says a “thorough transaction by transaction analysis will be forthcoming.” The team is also pleading with the attacker(s) to return the stolen funds after demonstrating their “superior skills as hackers.”