Origin DeFi Protocol Loses $7 Million to Hacker in Security Breach

Origin decentralized finance (DeFi) Protocol has announced that its Origin Dollar (OUSD) stablecoin project has been hacked, resulting in a loss of funds worth $7 million in combined Ethereum and DAI stablecoin cryptocurrency, including $1 million deposited by the company employees and founders.

In its official blog, Mathew Lui, the founder of Origin Protocol, confirmed the incident and said that the cause of the attack was a flash-loan transaction. The attacker used a flash loan and exploited vulnerabilities within OUSD contracts to initiate what is called a “reentrancy attack”, which led to the loss of funds.

The blog said:

“The attack was a reentrancy bug in our contract. The attacker exploited a missing validation check in mint multiple to pass in a fake “stablecoin” under their control, allowing the hacker to exploit the contract with a reentrancy attack in the middle of the mint."

Origin Protocol said that they have traced the funds and know that the hacker used both renBTC and Tornado Cash (mixers) to wash and move the funds.

The company stated that it is taking exhaustive measures to recover the stolen funds before holding a discussion about a compensation plan for the affected customers. The firm has advised people not to buy OUSD on SushiSwap or Uniswap as those prices do not reflect the token’s underlying assets. Furthermore, the company has left a message requesting the hacker to return the funds and promised not to take legal action against the attacker if he or she returns 100% of the funds.

Lastly, the company has expressed sincere gratitude to the crypto community as it has obtained outpouring assistance from its security experts, DeFi engineers, investors, and others in such trying times.

Flash Loan Attacks Adversely Affecting DeFi Sector

In September this year, Origin Protocol launched OUSD stablecoin backed by deposits of DAI, USDC, and USDT and is designed to serve as a saving account. The OUSD stablecoin enables users to passively earn competitive returns while holding funds in their Original Dollar (OUSD) wallets.

Original Protocol is the latest to suffer from flash loan attacks, which have become common in the DeFi sector. Flash loan is a new emerging service within the DeFi landscape that allows users to instantly borrow funds without the need for collaterals to access the loans. However, criminals try to use borrowed funds to manipulate the DeFi market – commonly identified as flash loan attacks.

Typically, flash loan attacks happen when malicious actors loan funds from the decentralized finance platforms (like Origin Protocol), but use exploits vulnerability within the platform code to escape the loan mechanism and get away with the funds. Some of the DeFi platforms that have experienced massive hacks and loss of funds include Harvest Finance DeFi protocol, Value DeFi platform, and others.