Back in September, the Origin Protocol had launched their ‘Origin Dollar (OUSD) project, but it appears that the yield-generating stablecoin has undergone a devastating hack, as almost $7 million of funds were drained from it. The founder of the Origin Protocol, Matthew Liu was forced to make an announcement on November 17th, 2020 about the hack of their stablecoin. However, in a move to try and subdue the inevitable outrage, he was quick to highlight that of the $7 million that had been stolen in the hack, $1 million were the funds deposited by the founders of Origin, employees and the company itself.
In the company’s original announcement, they were still not aware of what exploit had been used by the hackers for carrying out the attack, but they did have a lead relating to a flash loan transaction. According to the announcement, it appears that this transaction was the actual source of the attack and the total cost of completing the transaction had been about 0.54 ETH. Liu stressed in the announcement that the Origin Protocol team was working round the clock in order to identify this exploited vulnerability. He went on to say that once identified, they would provide updates and would also give additional details about the attack.
The conclusion that was eventually drawn indicated that a reentrancy bug in the smart contracts of the Origin Protocol had been the cause of the attack. Even though provisions against the reentrancy were already made by Origin, they did not anticipate that one of their own supported stablecoins would be used for attacking the protocol. Specifically, a missing validation check had been used by the attacker when mining OUSD with various stablecoins, doing so for pushing in fake stablecoins. The next move was using the Vault and transferring the fake stablecoin that exploited the contract, thereby initiating a reentrancy attack from there.
Thanks to the assistance of a number of third parties, the Origin Protocol has managed to track some of the funds that were drained from them. However, it is also a fact that a staggering amount of funds remains at large. Liu was quick to reassure its clients that they were not going to disappear into thin air and also tried to assuage other concerns about it being some sort of internal scam. In the meantime, he went on to say that others should steer clear of the OUSD and should not trade it for now.
Not only has OUSD been put on hold, but the Origin Protocol has also done the same with staking. As expected, this didn’t do any good to the stablecoin because, as soon as the news hit, the value of a single OUSD dropped to as low as $0.15 on Uniswap. With any luck, it will be possible to resolve the whole matter and victims of the hack will suffer from minimal loss of capital. However, this is certainly a problem for the DeFi (decentralized finance) industry because such hacks seem to be becoming the norm.