As a precautionary measure, Origin protocol has disabled all deposits to its vaults and warned users not to purchase OUSD on Uniswap or SushiSwap.
Origin Protocol has reported a system compromise that resulted in a loss of $7 million of customers’ funds. According to the company, the attackers identified a vulnerable spot in the origin protocol thus enabled the hack of Origin Dollar (OUSD).
Apparently, the hackers made away with $1 million of funds deposited by the company, its founders and employees.
As a precautionary measure, Origin Protocol has disabled all deposits to its vaults and warned users not to purchase OUSD on Uniswap or SushiSwap. Primarily because the current prices of them do not reflect the underlying OUSD value.
Notably, as of the time of writing, OUSD had plummeted approximately 85% to trade around $0.150587 according to figures provided by CoinMarketCap. In addition, the origin protocol governance coin (OGN) has dipped approximately 13.6% to trade around $0.157761.
Updates on the Origin Protocol OUSD Attack
In a bid to recover the lost funds, origin protocol has said that it is closely working with different crypto exchanges and other third parties to identify the possible attackers and freeze the funds before they are liquidated.
“We have traced funds and know that the attacker used both Tornado Cash and renBTC to wash and move funds,” said Matthew Liu, co-founder of Origin Protocol, through a Medium blog post.
Notably, Liu highlighted that there are still 7,137 ETH and 2.249M DAI being held by one of the attackers in the wallet.
The attackers studied the origin protocol and identified a missing validation check in mint multiple to validate fake stablecoin under their control. The fake stablecoin that was named transferForm allowed the attackers to exploit the contract with a reentrancy attack in the middle of the mint.
According to the investigators, the hackers created a rebase event inside the second mint after the funds had been transferred to Origin Dollar (OUSD) from the first large mint. As a result, the hackers created a vast rebase for everyone in the contract and received a significant portion of the digital assets. Thereafter the hackers managed to cash-out most of the stablecoins through Origin dollar (OUSD).
Notably, part of the stablecoins in OUSD have already been liquidated through the SushiSwap and Uniswap for Tether.
As the company plans on the compensation package for the affected uses, it pleaded with the attackers to refund the stolen cash. Moreover, it has promised to hire the attackers as security consultants based on their exemplary skills only if they return the funds 100%. In addition, the company has indicated it will not pursue legal action against the attackers if they refund in full the cash.
next