Flash loan attack on the Origin Protocol


A severe flash loan attach on the Origin Protocol causes OUSD Stablecoin value to plummet by 85%.


The attack that happened on 17th November resulted in the disappearance of tokens, worth millions of dollars. One of the project leaders was working with exchanges in an attempt to identify the hacker and freeze the tokens before they were liquidated.

Following investigations, the stolen funds had been traced to a wallet which was then monitored.

The attacker used both Tornado Cash and Renbtc to wash and move funds.

The team warned users providing liquidity on Sushiswap to remove their funds as soon as possible and to not attempt to buy or sell OUSD at that time.

As a result of the attack, the price of OUSD plummeted and traded at $0.15 per token (on 17th November 2020).

After further investigation, it was identified that the attacker exploited a reentrancy bug in the contract. Origin Protocol Co-founder Matthew Liu admits that their contract is only safe from bugs "unless one of our supported stablecoins was attacking us".

He further adds "They were then able to take extra OUSD after withdrawing and sell it on Uniswap and Sushiswap for USDT in subsequent transactions."