The Origin block-chain e-commerce platform is backed by other stable-coins, not by fiat. Origin Dollar was promoted as the 1st first stable-coin that earns a yield while holding it in the personal wallet and the OUSD balance compounds multiple times per day with no staking required.
And everything was a smooth ride for Origin Dollar and the OUSD holders until Monday 16th of November, when an hacker attack successfully broke the OUSD Vault. Similar to all recent hacks, a multitude of crypto flash loan attacks were used to exploit a code vulnerability. This is another failure of decentralized finance, and another event that will shake the confidence in crypto. In the last month other attacks exploited vulnerabilities and over $40 million were stolen from Akropolis, Value DeFi and Harvest Finance.
The initial estimated loss is $7 million of Ethereum and DAI. In the aftermaths of the attack, Origin Dollar dropped to a $0.14 value, losing more than 80% of the expected pegged value. The attacker exploited a validation check in mint multiple to pass in a fake stable-coin, allowing the hacker to exploit the contract and the minting process.
The OUSD attack was originated from 0xb77f7bbac3264ae7abc8aedf2ec5f4e7ca079f83 and 70,000 ETH were borrowed only to be swapped with stable-coins. Uniswap was used to exchange 17,500 ETH for 7,855,911.53 USDT and 52,500 ETH for 20,987,772.08 DAI. The Tether was used to mint 7,5 million OUSD which were transferred. This amount was more than 50% of all OUSD in existence, as the vault had an equivalent amount of collateral to support 14 million OUSD tokens. Instead of using a valid stable-coin, the malicious contract transferred a mix of fake stable-coins and DAI. The total supply of OUSD was pushed to 55,5 million through a complex minting and withdrawing process.
At this point, the attacker held 38 million OUSD, which was more than the value of the vault. Therefore, 300,000.00 OUSD were exchanged for 158,550 USDT on Uniswap and 1 million OUSD were exchanged for 520,756.83 USDT on SushiSwap. The swap was followed by DAI, Tethrer and USDC withdraws from the OUSD vault, resulting the burn of 33 million OUSD. Most of the stable-coins were exchanged for Ethereum, and the remaining assets where laundered through wBTC and Tornado.Cash, resulting in $3,3 million worth of Ethereum and $2.2 worth of DAI for the attacker. Only in DeFi you can buy the dip in stable-coins
The Origin team will take a set of measures in an attempt to recover the lost funds before creating a compensation plan for those affected, reminding traders to not buy OUSD from Uniswap or Sushiswap as the current price don't reflect the asset value. On a fun note, they kindly asked the hacker to return the stolen funds and in exchange they will employ him/her/they as security consultant.
We ask that you do the right thing and return the funds. You’ve demonstrated your superior skills as a hacker, and we’d happily hire you as a security consultant. If you return 100% the funds, we promise not to pursue you or any legal action against you. We humbly ask you to consider the hundreds of innocent people you are hurting and return the funds.
The Origin Team apologized to those who had assets deposited on the platform, and reasured everyone that this was not an internal scam and they are not running away.
At this time, we would like to extend our sincerest and deepest apologies to those early OUSD users that have deposited funds with us. We very much valued and appreciated your early bet on our new product, and we will work tirelessly to get to the bottom of this. We are not going away. This is not a rug pull or internal scam. We are sorry for the events of today, and we will carry this burden forward to do better.
And now asking for a favour... do you want me to win some Nexus? If yes like and share my drawing (Finalist no.3)
Links and referrals:
Amazon author page: PV Mihalache
Quality Faucets: Free-Litecoin.com (LITECOIN)