Hunting Orion: The $3M Loss from a Reentrancy Attack

Research Incident Analysis
Hunting Orion: The $3M Loss from a Reentrancy Attack

Project name: Orion Protocol

Project type: Exchange

Date of exploit: Feb 2, 2023

Asset loss: $3M

Vulnerability: Reentrancy

Date of audit report publishing: May 24, 2021

Conclusion: Out of Audit Scope

Details of the Exploit

Background

Orion protocol is a liquidity aggregator that aggregates the liquidity of a single crypto exchange into a decentralized platform. The (vulnerable) exchange contract serves as a router to swap tokens and also allows users to deposit into the contract.

Nature of the Vulnerability

The vulnerability is due to a reentrancy attack targeting the exchange contract, where the attacker can perform a reentrant call to deposit tokens during the swap, thus causing the deposit tokens to also be counted in the swap process.

CertiK Audit Overview

Screenshot 2024-01-08 at 5.57.20 AMScreenshot 2024-01-08 at 5.57.58 AM

Conclusion

On Feb 2, 2023, the Orion Protocol was exploited for $3M due to a reentrancy attack targeting the exchange contract. The compromised contract (eth:0x98a877bb507f19eb43130b688f522a13885cf604) was not audited by CertiK. CertiK only audited for Orion’s token and sale contracts.

References

Rekt news: https://rekt.news/orion-protocol-rekt/

Related Blogs

CertiK Intel3D H1 2026 Wrench Attacks

CertiK Intel3D H1 2026 Wrench Attacks

52 verified wrench attacks and $124.1 million in recorded exposure in H1 2026: a 33.3% rise in incidents, an 11.8-fold rise in losses, and a threat that has narrowed into a Western European crisis.

Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers

Introducing CertiK Hunt, The Invite-Only Security Platform for Web3 Projects and Top Security Researchers

CertiK Hunt is an invite-only platform connecting elite security researchers with web3 projects through bug bounty programs, audit competitions, and AI challenges.

Resolv Protocol Incident Analysis

Resolv Protocol Incident Analysis

On 22 March 2026, the Revolv protocol was exploited, resulting in a loss of ~$26.8M due to a compromise of the project's cloud infrastructure which gave access to Resolv’s AWS Key Management Service (KMS).