The liquidity aggregation protocol Orion Protocol was hacked, resulting in a loss of approximately 3 million dollars
ChainCatcher news reports that the liquidity aggregation protocol Orion Protocol has been hacked, resulting in a loss of approximately $3 million, according to monitoring by MistTrack. The funds were converted to ETH through multiple exchanges and cross-chain bridges. As of now, 1,100 ETH has been sent to Tornado Cash, with over 657 ETH (about $1.1 million) still remaining in the hacker's address.
In response, Orion Protocol CEO Alexey Koloskov stated that all users' funds are safe, including those in staking, Orion Pool, bridges, and liquidity providers. This issue is not due to a flaw in the core protocol code, but may be caused by vulnerabilities in the smart contracts used by experimental and private brokers that mix third-party libraries.
Alexey Koloskov also assured users, "No users have suffered any losses in this incident; the assets at risk are located in internal broker accounts operated by the Orion team to facilitate decentralized access to centralized liquidity. Orion Protocol is continuously investigating the attack activity, and the deposit function will not be reopened until the vulnerabilities are fixed and audited. Users can currently withdraw funds from the Orion Exchange contract." (source link)