Origin Protocol Offers to Hire OUSD Hacker as a Security Consultant in Exchange for the Stolen $7 Million

Its stablecoin Origin Dollar (OUSD) has lost 85% of its value and fallen under $0.15 following the reentrancy bug in their contract — the attacker exploited a missing validation check in mint multiple.

Yet another DeFi hack this week.

Matthew Liu, the co-founder of Origin Protocol, confirmed an attack on the Origin Dollar (OUSD) vault.

“OUSD has been hacked, and there has been a loss of user funds. We are actively investigating the issue. We are committed to making things right,” wrote Liu in the official Medium post.

In the attack, the hacker got away with over $3.3 million worth of ETH and 249,822 DAI after having laundered a substantial amount through Tornado.Cash, wBTC, and renBTC.

The team is now asking exchanges to blacklist any transactions from the wallets identified as belonging to the attacker.

“The attack was a reentrancy bug in our contract.

Unfortunately, our contract was safe from reentrancy bugs unless one of our supported stablecoins was attacking us.”

He explained that the attack originated from a contract deployed at Nov-17–2020 at 12:40:56 AM +UTC, which involved a flash loan of 70,000 ETH borrowed from dYdX. It further involves the stablecoin swaps, the minting of 7,500,000 OUSD as intended.

“At this point, the attacker held a little over half of all OUSD in existence”

The attacker basically exploited a missing validation check in mint multiple, minting OUSD with multiple stablecoins, to pass in a fake “stablecoin” under their control, which then called “transferFrom” on by the vault, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint.

image1

The attacker was able to create a rebase event inside the second mint after funds had moved to OUSD from the first mint but before the supply of OUSD increased. This created a massive rebase for everyone in the contract, including the attacker. As such, the attacker received their first large OUSD mint, more OUSD than the contract had assets.

The attacker was able to take extra OUSD after withdrawing and selling it on Uniswap and SushiSwap for USDT.

The Origin Protocol team continues to recover the funds and asked the users to stop providing liquidity on SushiSwap, remove their funds, and not indulge in buying or selling OUSD.

The team has also asked the hacker to do the right thing by returning the funds, now that they have “demonstrated your superior skills as a hacker, and we’d happily hire you as a security consultant.”

As a result, the stablecoin pegged to $1.00 has dropped over 85% in value to $0.15.

More than $40 million has been lost in the last month alone in DeFi hacks such as Value DeFi, Akropolis, Harvest Finance, and CheesBank.

Get Free Email Updates!

*Action* Enter Best Email to Get Trending Crypto News & Bitcoin Market Updates

I will never give away, trade or sell your email address. You can unsubscribe at any time.

AnTy
AnTy
AnTy has been involved in the crypto space full-time for over two years now. Before her blockchain beginnings, she worked with the NGO, Doctor Without Borders as a fundraiser and since then exploring, reading, and creating for different industry segments.

[Alert] Use the author's self-conducted information at your own risk, do you own research, never invest more than you are willing to lose.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses. Editorial Policy \\ Investment Disclaimer

LEAVE A REPLY

Please enter your comment!
Please enter your name here

3,511FansLike
2,795FollowersFollow
4,274FollowersFollow

Live Bitcoin Price & Latest BTC Charts

Today's Latest Crypto News

BitcoinExchangeGuide is a hyper-active daily crypto news portal with care in cultivating the cryptocurrency culture with community contributors who help rewrite the bold future of blockchain finance. Subscribe on Google News, see the mission, authors, editorial links policy, investment disclaimer, privacy policy. Got News? Contact us, we are human too. Note: nothing here is financial advice, do your own research thoroughly.

Start Using Crypto Today