Origin Dollar Loses $7 Million in Flash Loan DeFi Exploit

As reported by BeInCrypto in September, Origin Protocol launched the OUSD stablecoin to allow holders to earn yields without depositing large amounts of collateral. It has been backed by a basket of other stablecoins including USDT, USDC, and DAI. During the early hours on Tuesday morning, the team announced that there had been an exploit resulting in the loss of funds:

Unfortunately OUSD was hacked 2 hours ago and there has been a loss of funds. The @OriginProtocol team is all-hands on deck working on resolving this issue. Please do not buy or mint OUSD right now. New updates will be coming every few minutes.https://t.co/D4qTwvnYoM

— Matthew Liu (@matthewliu) November 17, 2020

OUSD Exploited For $7 Million

A Medium post by Origin Protocol co-founder Matthew Liu revealed that there has been a loss of funds of around $7 million, including over $1 million in funds deposited by Origin and its founders and employees. The transaction at the root of the attack appears to exploit a flash loan, which is when collateral is borrowed and paid back in the same transaction. Others investigating the attack stated that around 11,800 ETH worth an estimated $5.5 million was stolen in the incursion. It was also revealed that this was then ‘laundered’ into renBTC in order to convert into native BTC.

Origin Dollars' $OUSD got exploited for $5.5M in ETH, around 11,800 ETH AND $2.2M in DAI

Attack: https://t.co/opyaZY2hjs

Attacker's Address:https://t.co/fkaUqphEqx

Share, stay vigilant pic.twitter.com/xHIdP1Md63

— Krisma (@KRMA_0) November 17, 2020

DeFi researcher Chris Blec questioned why Ren Protocol has not done anything to prevent the exploitation of its own network to move stolen funds;

“While @renprotocol is in its centralized state, its ponderous why they are allowing this to occur and not modifying their centralized network to blacklist the hacker.”

Origin Protocol has disabled deposits to the vault and told users not to buy OUSD on Uniswap or Sushiswap as the current prices do not reflect the stablecoin’s underlying assets. At the time of press, OUSD had lost its peg and collapsed to $0.11 according to Uniswap.info.

Liu apologized to investors, adding that the team is working tirelessly to get to the bottom of the exploit;

“We are not going away. This is not a rug pull or internal scam. Despite this setback, it is very much in our intention to make OUSD a safe, secure, and successful product that builds on the broader Origin mission of peer-to-peer commerce.”

Flash Loan Fears

The incident highlights the danger of flash loans which have plagued the DeFi sector this year. It is the latest in a series of recent exploits to other DeFi protocols such as Harvest Finance and Akropolis and is unlikely to be the last. Earlier this year, DeFi protocol bZx was exploited for around $1 million, while throughout the summer several other protocols including dForce, Bancor, Balancer, and Opyn, were all exploited.