Hackers Steal $840,000 in Orange Finance DeFi Breach
In a major blow to the decentralized finance (DeFi) ecosystem, hackers have exploited vulnerabilities in Orange Finance, a popular protocol on the Arbitrum blockchain, making off with over $840,000. The attack targeted weaknesses in the platform’s smart contracts, compromising the admin address and enabling the withdrawal of funds.
Security firm Cyvers Alerts reported that the stolen funds were immediately converted to Ethereum (ETH), significantly complicating efforts to track and recover them. Orange Finance is investigating the breach but has so far provided little detail about how the hack was executed.
In the aftermath of the attack, the team behind Orange Finance has advised users to stop interacting with the affected smart contracts and revoke any previous permissions. The compromised contract, they confirmed, is no longer under their control. Efforts are underway to secure the platform and prevent additional losses.
In a bid to recover the stolen assets, Orange Finance took an unusual step by contacting the hacker through Arbiscan, a blockchain explorer for the Arbitrum network. They offered to treat the incident as a “white-hat hack” if the funds are returned. “We have an offer related to this matter,” the team wrote in their message. “If you respond positively to our offer within 24 hours, we guarantee that no law enforcement agencies will be involved.”
The breach has once again spotlighted the persistent risks associated with DeFi platforms, particularly vulnerabilities within smart contracts. Experts are urging users to exercise heightened caution when managing digital assets on such platforms, especially those recently affected by security incidents.
Orange Finance has promised to keep its community updated on the ongoing investigation and any progress in recovering the stolen funds. For now, the hack serves as another reminder of the security challenges that continue to plague the DeFi space.