Ethereum-based DeFi Origin Dollar (OUSD) recently recorded a crypto hack. The hack indicates about $7 million stolen funds alongside a $1 million loss from users’ funds.
According to the report, the attackers were able to wash away funds using renBTC and Tornado Cash. In this case, the attackers, through their ill-gotten acts, issued a fake stablecoin named “transferFrom” within the OUSD vault.
To explain, the hackers unfairly used a missing validation check in mint multiple to carry out the fake issued stablecoins under the firm’s control. In addition, the firm said the attack was deemed as a reentrancy bug within their contract.
Origin Protocol co-founder Matthew Liu said,
The team is all hands on deck attempting to figure out what vulnerability was exploited and how the hacker was able to access users’ deposits.
In the second mint, the attackers created a rebase protocol that misled individual user’s OUSD funds right from the first mint when OUSD supply increased.
Subsequently, the attackers withdrew several stablecoins from OUSD. They then proceeded and sold the stolen OUSD on Uniswap and Sushiswap in exchange for Tether (USDT).
As per Matthew Liu’s confirmation, the source of the attackers has not yet been found. Despite the hackers’ setback, the OUSD team continues to place measures to curb the firm’s insolvency.
According to Origin Protocol, individual persons and investors should stop trading OUSD on Uniswap and Sushiswap. To clarify, these crypto exchanges do not reflect the current price of OUSD assets. Moreover, they closed the deposit option within the vault, at the time of writing.