
Hunting Orion: The $3M Loss from a Reentrancy Attack


Project name: Orion Protocol

Project type: Exchange

Date of exploit: Feb 2, 2023

Asset loss: $3M

Vulnerability: Reentrancy

Date of audit report publishing: May 24, 2021

Conclusion: Out of Audit Scope

Details of the Exploit

Background

Orion Protocol is a liquidity aggregator that brings crypto exchange liquidity together on a single decentralized platform. The (vulnerable) exchange contract serves as a router for swapping tokens and also allows users to deposit tokens into the contract.

Nature of the Vulnerability

The vulnerability is a reentrancy flaw in the exchange contract: during a swap, an external call lets the attacker re-enter the contract and deposit tokens, so the deposited tokens are also counted as swap output and the attacker is credited for them twice.
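To show the vulnerability class concretely, the following is an added, simplified model written for this write-up, not Orion's own code: a router that credits the caller with the contract's balance change across an external call, with a deposit function reachable during that call, beside a hardened version that puts both entry points behind one reentrancy guard. Contract, function and variable names are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
// Hypothetical minimal exchange, not Orion's code; all names are assumptions.
interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

// Vulnerable pattern: swap() credits the caller with the change in the contract's
// token balance across an untrusted external call. If that call re-enters deposit(),
// the deposited tokens land inside the measured delta and are credited twice.
contract VulnerableExchange {
    mapping(address => mapping(address => uint256)) public balances; // user => token => credit

    function deposit(address token, uint256 amount) external {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        balances[msg.sender][token] += amount;
    }

    function swap(address tokenOut, address pool, bytes calldata data) external {
        uint256 before = IERC20(tokenOut).balanceOf(address(this));
        (bool ok, ) = pool.call(data); // control leaves this contract here
        require(ok, "pool call failed");
        uint256 received = IERC20(tokenOut).balanceOf(address(this)) - before;
        balances[msg.sender][tokenOut] += received; // inflated if deposit() ran during the call
    }
}

// Hardened pattern: one mutex shared by every state-changing entry point, so a
// deposit cannot execute while a swap is still measuring its balance delta.
contract HardenedExchange {
    uint256 private _lock = 1;
    modifier nonReentrant() {
        require(_lock == 1, "reentrant call");
        _lock = 2;
        _;
        _lock = 1;
    }
    mapping(address => mapping(address => uint256)) public balances;

    function deposit(address token, uint256 amount) external nonReentrant {
        require(IERC20(token).transferFrom(msg.sender, address(this), amount), "transfer failed");
        balances[msg.sender][token] += amount;
    }

    function swap(address tokenOut, address pool, bytes calldata data) external nonReentrant {
        uint256 before = IERC20(tokenOut).balanceOf(address(this));
        (bool ok, ) = pool.call(data);
        require(ok, "pool call failed");
        balances[msg.sender][tokenOut] += IERC20(tokenOut).balanceOf(address(this)) - before;
    }
}
```

The guard is the narrow fix; the broader lesson is that a balance delta measured across an external call is only trustworthy if no other entry point can change that balance while the call is in flight.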

CertiK Audit Overview

[Screenshots of the CertiK audit report scope]

Conclusion

On Feb 2, 2023, the Orion Protocol was exploited for $3M due to a reentrancy attack targeting the exchange contract. The compromised contract (eth:0x98a877bb507f19eb43130b688f522a13885cf604) was not audited by CertiK; CertiK audited only Orion's token and sale contracts.

References

Rekt news: https://rekt.news/orion-protocol-rekt/
