Another one bites the dust: Origin Dollar (OUSD) exploited for $2.25m in DAI and $1m in Ethereum.
Flash loan attacker/exploiter is already washing the funds via RenBTC.
Flash loan attacker/exploiter is already washing the funds via RenBTC.
This is the fifth flash loan attack of the past three weeks alone.
Harvest, Akropolis, Value, and CheeseBank were all hit for millions in stables.
Harvest, Akropolis, Value, and CheeseBank were all hit for millions in stables.
I believe he stole even more ETH than I first thought. Trying to figure it out.
Attack confirmed by core team member.
I think the amount stolen is a lot higher than the ~$3.5m as I first thought. I misread the attack txes.
Funds stolen (I think):
- $2.25m in DAI
- $3.3m in ETH
- $1.9m in ETH->RenBTC
Funds stolen (I think):
- $2.25m in DAI
- $3.3m in ETH
- $1.9m in ETH->RenBTC
This might have something to do with the rebase mechanism:
The attacker obtained 28,000,000 OUSD by depositing a combination of USDT and DAI, though somehow exited with 33,270,000 OUSD and then some. The remaining OUSD was subsequently withdrawn and liquidated into DAI and ETH.
The attacker obtained 28,000,000 OUSD by depositing a combination of USDT and DAI, though somehow exited with 33,270,000 OUSD and then some. The remaining OUSD was subsequently withdrawn and liquidated into DAI and ETH.
The attack txes are inherently convoluted because part of the attack required deposits into the OUSD Vault. When depositing stables into OUSD, the funds are automatically put into the yield-bearing strategies.
Might have something to do with this as well.
Might have something to do with this as well.
Upon further analysis, it might have been a reentrancy attack that exploited the way in which OUSD rebases.
OUSD rebases continuously as users interact with Origin contracts.
In simple terms, a re-entrancy attack is basically like paying someone with a cheque that will bounce.
OUSD rebases continuously as users interact with Origin contracts.
In simple terms, a re-entrancy attack is basically like paying someone with a cheque that will bounce.
Forgot to mention, I believe I saw a tx where the attacker returned ~536,000 OUSD to a contract address or the Origin deployer.
Technically, that OUSD can't be redeemed for anything but it does have a bit of value on the secondary market (SushiSwap and Uniswap).
Technically, that OUSD can't be redeemed for anything but it does have a bit of value on the secondary market (SushiSwap and Uniswap).
Messages are starting to be sent to the Origin attacker, where $5.5m remains.
One user said they lost $1,000, which they said came from their student loans.
Another claimed to have lost 0.5 ETH trying to trade the crash.
No dice... yet
One user said they lost $1,000, which they said came from their student loans.
Another claimed to have lost 0.5 ETH trying to trade the crash.
No dice... yet
On-chain communication with an attacker was recently popularized with the Value exploit, though it's existed for all of the major hacks as of late.
I remember DForce initially negotiating the return of $25m hacked via embedded messages.
I remember DForce initially negotiating the return of $25m hacked via embedded messages.
Just saw the response from the Origin team. They are committed "to making things right" and have asked the attacker to return the funds.
They also gave a bit more context about the attack.
I wish them and depositors well.
They also gave a bit more context about the attack.
I wish them and depositors well.
https://twitter.com/matthewliu/status/1328568370573299712
• • •
Missing some Tweet in this thread? You can try to
force a refresh
