Orange Finance Hack: $0.84M Lost in Admin Key Breach
An in-depth look at the January 8 exploit and the risks of unsecured admin access in DeFi platforms.
TL;DR:
On January 8, 2025, Orange Finance suffered a $0.84 million loss when a hacker took over the admin key, upgraded the platform's contracts, and siphoned funds into their own wallet. The team is still investigating the breach. In the meantime, all users are advised to revoke contract approvals and refrain from interacting with the compromised contract.
On January 8, 2025, Orange Finance became the latest victim of a major DeFi exploit, losing a staggering $0.84 million. The attack occurred when an unauthorized entity gained control over the admin address, allowing them to upgrade the contracts and transfer funds into their own wallet.
At this stage, the Orange Finance team is still investigating the breach, but they’ve issued a stark warning to all users: the compromised contract is no longer secure.
The Exploit: Compromised Admin Key
The heart of this attack was the compromise of the admin key, which gave the hacker complete control over the Orange Finance smart contracts. Admin keys are designed to let trusted parties make necessary updates and changes to the platform. In this case, the attacker used that access to upgrade the contracts, effectively taking control of the entire platform.
Contract upgrades normally deliver updates or improvements, but whoever holds the upgrade authority can replace the contract's logic. The attacker used this capability to manipulate the contract's functionality and transfer assets at will, draining funds from the platform to their own wallet.
As the scale of the breach became apparent, the Orange Finance team immediately took action, issuing an urgent warning to all users. They advised users to revoke all contract approvals associated with Orange Finance to minimize any further exposure. Additionally, the team clarified that the contract had been completely compromised, meaning that it no longer represented the legitimate Orange Finance platform. With the compromised contract now in the hands of the attacker, any interaction with it could lead to further loss of funds.
The exploit underscores a critical issue in DeFi: the inherent risks of centralized control over smart contract upgrades. This breach highlights the importance of implementing more secure methods of administration, such as multi-signature wallets or decentralized governance models, to prevent unauthorized control and minimize the potential for damage.
Official Statement from Orange Finance: Security Incident and Immediate Action Required
Important Announcement - Jan. 8, 2025
A hacker has taken over the admin address, upgraded the contracts, and transferred funds to their wallet.
The team is not sure what happened and is currently investigating.
The contract is no longer Orange.
DO NOT interact with it (e.g.,… x.com/i/web/status/1…
— Orange Finance🍊 (@0xOrangeFinance)
5:28 AM • Jan 8, 2025
Important Announcement - January 8, 2025
We regret to inform the community that the admin address for Orange Finance has been compromised by an unauthorized actor. The attacker gained control of the admin key, upgraded the contracts, and transferred funds to their wallet. The cause of the breach is currently under investigation, but the compromised contract is no longer representative of Orange Finance. We strongly advise all users to immediately revoke any contract approvals related to Orange Finance to mitigate further risk. Affected vaults include the Stryke vault and the closed Stable vault, with a detailed list of impacted addresses available in the official announcement. We are actively working on the investigation and will provide updates as new information becomes available. We apologize for any inconvenience this incident may cause and thank you for your prompt attention to this matter.
For further details, please refer to the official announcement on X.
Impact on Users: Vaults and Wallets Affected
The attack targeted multiple vaults, and users should pay close attention to the following addresses:
Stryke Vault: Multiple wallet addresses were affected, and the hacker has reportedly drained funds from several of these vaults.
Key affected addresses include:
0x22dd31a495CafB229131A16C54a8e5b2f43C1162
0xe1B68841E764Cc31be1Eb1e59d156a4ED1217c2C
(Additional addresses in the official update)
Stable Vault (Closed): This vault is now closed, and users should ensure they are not interacting with the following addresses:
0xd6ecEb3978bf2b76958b96E8A207246b98C7d639
0x65Fb7fa8731710b435999cB7d036D689097548e8
(Further addresses listed in the update)
A Wake-Up Call for DeFi Security
This breach highlights the serious vulnerabilities present in DeFi platforms. By exploiting a compromised admin key, the attacker gained full control over the platform and was able to transfer funds with ease. This incident emphasizes the importance of robust security measures for DeFi protocols. To prevent similar attacks, platforms must prioritize advanced security protocols, including multi-signature wallets and hardware security modules (HSMs), which can significantly reduce the risks associated with centralized control.
What You Can Do
If you are a user of Orange Finance, we strongly urge you to follow the team’s recommendation to revoke all contract approvals immediately. This step is vital in protecting your assets and minimizing further risks. Regularly auditing your wallet permissions is essential, so that contract approvals remain only with trusted and secure platforms.
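To make the approval audit concrete, here is an added example (not code from Orange Finance or Blockbasis) that replays ERC-20 Approval logs for one wallet, finds allowances still open to flagged addresses, and builds the approve(spender, 0) calldata that revokes each one. It assumes the four addresses listed in this article are the spenders users approved; the owner, token and sample logs are constructed, and the function names are illustrative.

```python
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # approve(address,uint256)
# Addresses listed in the article; treating them as approved spenders is an assumption.
FLAGGED = {a.lower() for a in (
    "0x22dd31a495CafB229131A16C54a8e5b2f43C1162",
    "0xe1B68841E764Cc31be1Eb1e59d156a4ED1217c2C",
    "0xd6ecEb3978bf2b76958b96E8A207246b98C7d639",
    "0x65Fb7fa8731710b435999cB7d036D689097548e8")}

def pad32(addr):
    """Left-pad a 20-byte address to a 32-byte ABI word (hex, no 0x)."""
    return addr[2:].lower().rjust(64, "0")

def topic_to_address(topic):
    """Indexed addresses are stored as 32-byte topics; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_allowances(logs, owner):
    """Last Approval per (token, spender) wins. Upper bound: transferFrom may
    have spent some of it, so confirm with allowance(owner, spender) on-chain."""
    state = {}
    key = lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))
    for log in sorted(logs, key=key):
        t = log["topics"]
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the signature but has 4 topics
        if topic_to_address(t[1]) == owner.lower():
            state[log["address"].lower(), topic_to_address(t[2])] = int(log["data"], 16)
    return {k: v for k, v in state.items() if v > 0}

def revocations_needed(logs, owner):
    """(token, spender, calldata for approve(spender, 0)) per flagged allowance."""
    return [(tok, sp, "0x" + APPROVE_SELECTOR + pad32(sp) + "0" * 64)
            for (tok, sp), _ in sorted(live_allowances(logs, owner).items())
            if sp in FLAGGED]

def sample_log(block, token, owner, spender, amount):
    """Build a constructed log in the shape eth_getLogs returns."""
    return {"address": token, "blockNumber": hex(block), "logIndex": "0x0",
            "topics": [APPROVAL_TOPIC, "0x" + pad32(owner), "0x" + pad32(spender)],
            "data": "0x" + format(amount, "064x")}

OWNER, TOKEN = "0x" + "11" * 20, "0x" + "aa" * 20  # constructed, not real accounts
SAMPLE_LOGS = [
    sample_log(16, TOKEN, OWNER, "0x22dd31a495CafB229131A16C54a8e5b2f43C1162", 2**256 - 1),
    sample_log(17, TOKEN, OWNER, "0x" + "33" * 20, 5),  # unflagged spender
    sample_log(18, TOKEN, OWNER, "0xd6ecEb3978bf2b76958b96E8A207246b98C7d639", 100),
    sample_log(19, TOKEN, OWNER, "0xd6ecEb3978bf2b76958b96E8A207246b98C7d639", 0),  # revoked
]
```

On the sample data only the unlimited approval to the first listed address is still open; the second flagged spender was already reset to zero, and the unflagged spender is left alone. The calldata is sent as a transaction to the token contract from the owner wallet.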
At BlockBasis, we are committed to providing you with the latest tools, resources, and insights to help you secure your assets in the DeFi space. Stay proactive, stay informed, and prioritize your security.
Protect Your Assets with Ledger Hardware Wallets
In light of recent security breaches, including the Orange Finance exploit, securing your private keys has never been more important. One of the most reliable ways to safeguard your digital assets is by using a hardware wallet, like those offered by Ledger. These devices provide a secure, offline method of storing your private keys, making them virtually impervious to online attacks and hacks.
Ledger offers a variety of hardware wallets, each designed to ensure that your private keys remain safe and secure in an offline environment. By using Ledger’s hardware wallets, you can significantly reduce the risk of unauthorized access and protect your DeFi assets from potential threats.
To learn more about how Ledger can help you secure your digital assets, visit their official store.
The Road Ahead
As the investigation progresses, it’s essential for the DeFi community to draw lessons from this exploit. Every breach offers valuable insights into the vulnerabilities we must address to strengthen the ecosystem. We will continue to monitor the situation closely and provide you with updates on any new findings or developments regarding this attack.
Stay informed and secure,
BlockBasis