Verify a decision

{"actor":"system:backfill","investigation_id":"553a92d2-ee3f-4280-ae05-a6e447c45f5c","kind":"publish","page_slug":"orange-finance","published_at":"2026-05-30T04:47:53.323Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Orange Finance","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.orangefinance.io/","type":"other","url":""},{"credibility":3,"name":"https://mirror.xyz/0x6FA2aF9a4d6fFe654361F713780963C10412e7c3/IYCNZKmmxDL5V94ScyCZVXqoRzl7kIkhRxUIpMkUE1Y","type":"other","url":""},{"credibility":3,"name":"https://forum.arbitrum.foundation/t/orange-finance-ltipp-application-final/21664","type":"other","url":""},{"credibility":3,"name":"https://blog.stryke.xyz/articles/elevating-defi-stryke-orange-finance-unite","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://rekt.news/orange-finance-rekt/","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/orange-finance-hack","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/orangefinancesmartcontractprivatekeycompromised.php","type":"other","url":""},{"credibility":3,"name":"https://www.sentnl.io/resources/explained-orange-finance-falls-to-multi-sig-exploit-january-2025","type":"other","url":""},{"credibility":3,"name":"https://ashourics.medium.com/orange-finance-exploit-a-deep-technical-analysis-of-defi-security-architecture-failures-85fcf4380e62","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/arbitrums-largest-liquidity-manager-orange-finance-loses-840k-in-hacker-attack/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.sentnl.io/resources/explained-orange-finance-falls-to-multi-sig-exploit-january-2025","type":"other","url":""},{"credibility":3,"name":"https://ashourics.medium.com/orange-finance-exploit-a-deep-technical-analysis-of-defi-security-architecture-failures-85fcf4380e62","type":"other","url":""},{"credibility":3,"name":"https://zircon.tech/blog/security-breach-at-orange-finance-a-wake-up-call-for-web3-projects/","type":"other","url":""},{"credibility":3,"name":"https://github.com/orange-finance/alpha-contract/blob/main/audit-report/Orange_Finance_Audit_Report_by_WatchPug.pdf","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.cryptopolitan.com/orange-finance-compromised-contract-arbitrum/","type":"other","url":""},{"credibility":3,"name":"https://quadrigainitiative.com/casestudy/orangefinancesmartcontractprivatekeycompromised.php","type":"other","url":""},{"credibility":3,"name":"https://mirror.xyz/0x6FA2aF9a4d6fFe654361F713780963C10412e7c3/gN17YMrLhKKg9YT9a391U74pWr9IhqBUDWUqDyDamjE","type":"other","url":""},{"credibility":3,"name":"https://www.mitrade.com/insights/news/live-news/article-3-559683-20250108","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://t.me/s/investigations","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/white-hat-hackers-arbitrum-orange-attack/","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/orange-finance","type":"other","url":""},{"credibility":3,"name":"https://www.web3isgoinggreat.com/single/orange-finance-hack","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://forum.arbitrum.foundation/t/orange-finance-ltipp-application-final/21664","type":"other","url":""},{"credibility":3,"name":"https://mirror.xyz/0x6FA2aF9a4d6fFe654361F713780963C10412e7c3/_lqeem2-b20xw4kFWERYtVyXHgSvvpFNiTUvyDi5irg","type":"other","url":""},{"credibility":3,"name":"https://defillama.com/protocol/orange-finance","type":"other","url":""}]}],"sources_used":[],"summary":"Orange Finance is an Arbitrum-based automated liquidity management protocol designed for LPDfi (liquidity provider DeFi), enabling users to earn swap fees and options premiums via concentrated AMM vaults. On January 8, 2025, the protocol suffered a critical security breach in which an attacker compromised the admin private key, exploited a misconfigured multi-signature wallet that required only a single signature to execute, and drained approximately $843,556 across all active vaults. The protocol was flagged by ZachXBT and has not resumed normal operations since the incident.","timeline":[{"date":"2023-01-01","event":"Orange Finance publishes 2023 roadmap on Mirror, outlining plans for Uniswap v3 automated liquidity management vaults on Arbitrum.","source":""},{"date":"2023-06-01","event":"Orange Finance Alpha Orange Vault launches on Arbitrum, targeting the USDC.e/ETH pool with delta-hedging via Aave.","source":""},{"date":"2024-04-01","event":"Orange Finance submits LTIPP grant application to the Arbitrum Foundation requesting 150,000 ARB, reporting $1.32M TVL and 170 depositors.","source":""},{"date":"2024-06-01","event":"Orange Finance and Stryke Protocol announce vault integration partnership, enabling liquidity management for Stryke's options AMM.","source":""},{"date":"2024-12-01","event":"Orange Finance expands to Berachain, launching Orange Vaults with Stryke. Protocol TVL reaches approximately $1.5M on Arbitrum.","source":""},{"date":"2025-01-08","event":"Attacker compromises Orange Finance admin private key, exploits single-signature multi-sig misconfiguration, upgrades all smart contracts, and drains approximately $843,556 across all active vaults on Arbitrum. Stolen assets converted to ETH and bridged via Stargate.","source":""},{"date":"2025-01-08","event":"Orange Finance posts warning on X advising users to revoke all contract approvals. Team states they are 'not sure what happened' and that contracts are no longer under their control.","source":""},{"date":"2025-01-08","event":"Orange Finance sends on-chain message to attacker's address offering white-hat arrangement with 24-hour deadline and guarantee of no law enforcement involvement.","source":""},{"date":"2025-01-08","event":"Stryke Protocol pauses associated vaults and disables deposits/withdrawals as a precautionary measure following the exploit.","source":""},{"date":"2025-01-09","event":"Orange Finance publishes follow-up incident report on Mirror detailing loss breakdown by wallet, attack steps, and notes engagement of Seal 911 for investigation.","source":""},{"date":"2025-01-09","event":"A separate Arbitrum-based protocol targeted by a copycat attack similar to Orange Finance's exploit; white-hat hackers successfully prevent fund loss.","source":""},{"date":"2025-01-09","event":"CyversAlerts and multiple on-chain security monitors publish alerts cataloguing the Orange Finance exploit. Incident flagged by ZachXBT's investigations channel.","source":""}]},"v":1}