The attack began in the early morning with a lightning loan, said the Origin Dollar management.
The stablecoin’s co-founders assure that the funds will be recovered and returned.
The stablecoin Origin Dollar (OUSD) suffered a hack early Tuesday morning that has generated losses amounting to 7 million dollars. Project leadership says they are already tracking operations and hope to recover all funds, including money from OUSD employees and founders.
Matthew Liu, co-founder of Origin Dollar, assured that the hackers managed to withdraw some 7,137 ethers and $ 2.2 million in DAI from their smart contracts. $ 1 million of that total amount belongs to the OUSD board, who have also been affected by the attack that occurred today.
The project has decided to deactivate its deposits. Likewise, they have urged their community not to buy more OUSD in decentralized exchanges (DEX), such as Uniswap or Sushiswap, claiming that the current prices of the token on these platforms “do not reflect the assets underlying the token.” When consulting the price of the stablecoin Origin Dollar on Coingecko, it can be noticed that the value of the token has decreased by 85% after the attack, thus completely losing its parity with the dollar.
Josh Fraser, another Origin Dollar co-founder, said the project is not planning to stop operations due to the attack. The manager said that “it is not an internal scam” and that they are looking for ways to recover the funds. Matthew Liu, in keeping with Fraser, asserted that they have been tracking the hacker operations and know that the funds have gone to two mixing services. In other words, the attackers would already be laundering the money obtained.
Despite this behavior, Origin Dollar management remains hopeful that the attackers will return the money. The company has even offered them a position as security consultants for the stablecoin, promising not to take legal action against those involved after returning the money. An offer that is not known if the attackers will accept.
A reentry attack on Origin Dollar
Although at first it was not known how the attackers had been able to subtract 7 million dollars from the Origin Dollar contracts, for hours this afternoon the hypothesis that everything has been a re-entry attack is considered. A malicious action that an individual can do to a smart contract by executing a vulnerable function indefinitely, a mistake that could allow withdrawing funds as many times as they want.
The hackers found a vulnerability in Origin Dollar’s smart contracts that allowed them to carry out a reentry attack. Source: TheDigitalWay / Pixabay.com
In the case of Origin Dollar, everything indicates that the hackers took advantage of a failure in the contract to initiate the reentry operation, artificially inflating the supply of tokens within the protocol. The operation began by means of a lightning loan at 12:49 at night, which sent the stolen funds to various decentralized exchanges (DEX), such as Uniswap.
Origin Dollar is a stablecoin project combined with a decentralized finance infrastructure (DeFi). The platform works as a kind of savings account for stable cryptocurrencies, for which users have the power to deposit USDT, USDC and DAI tokens that have a 1: 1 parity with the dollar.
The project promised at the time of its launch, which was by the end of September, “a superior stablecoin for the Ethereum network”; offering its users returns based on the stablecoins they deposited. Now that the initiative has suffered this massive theft, it will be necessary to see if the project can recover the lost funds, return them to its clients and increase the security of their contracts.