DeFi Origin Dollar (OUSD) Hacked for $7 Million – Hack or Scam?
Are DeFi projects being hacked or are they setup as scams? As the already 4th DeFi coin this month claims to have been hacked, questions are once again abounding. Last month we published an article featuring a warning by contrarian investor CryptoWhale who said the cryptoshere would be hit with an abundance of scams in the DeFi marketplace.
Two days ago Value DeFi was exploited for $ 6 million with 2 flash loans, less than a month ago there was a Harvest Finance hack with $24 million stolen and $15 million was stolen in the bizarre Eminence hack.
There have now been 4 price oracle attacks carried out using flash loans in recent weeks: Harvest, Cheese, Origin Protocol, & Value DeFi. Price oracles determine the execution of your entire protocol, and you want strong market coverage if you are securing real value. #Chainlink https://t.co/QdGxufmYl6— ⬡ The_Crypto_Oracle ⬡ (@Crypto___Oracle) November 17, 2020
This is not a rug pull
In the past hours, Matthew Liu, Co-Founder of Origin Protocol (OGN), a San Franciso-headquartered peer-to-peer commerce startup, posted a message via Medium, in which he admitted that the OUSD protocol had been hacked
And there has been a loss of user funds. We are actively investigating the issue. We are committed to making things right.
Another one bites the dust: Origin Dollar (OUSD) exploited for $2.25m in DAI and $1m in Ethereum.— Nick C. (@n2ckchong) November 17, 2020
Flash loan attacker/exploiter is already washing the funds via RenBTC. pic.twitter.com/3VouT7AiJe
There has been a loss of funds of around USD 7m, including over USD 1m of funds deposited by Origin and our founders and employees.
So far all looks normal in the messaging by the startup, but then things turn a bit strange.
Origin Protocol has announced its yield-generating stablecoin protocol, OUSD, has been hacked and drained of at least $7 million— ADIGI (@daradigitron) November 17, 2020
“We are not going away. This is not a rug pull or internal scam,” he continues, before offering the hacker a job at his company:
We ask that you do the right thing and return the funds. You’ve demonstrated your superior skills as a hacker, and we’d happily hire you as a security consultant. If you return 100% the funds, we promise not to pursue you or any legal action against you. We humbly ask you to consider the hundreds of innocent people you are hurting and return the funds.
Not pursue legal action
Just a tip from a writer about all things crypto. Although we understand that things are stressed, it is probably never a good idea to promise a hacker a job and to not pursue legal action. Also maybe not the smartest move to immediately refer to a possible “internal scam”.