Orca Protocol Swiftly Secures Systems Following Third-Party Incident: User Funds Remain Protected

Incident Response and System Reinforcement

The Solana ecosystem liquidity protocol Orca has provided an update regarding its response to a security incident linked to a third-party cloud hosting service it utilizes.

Orca's front-end application is hosted on the Vercel platform. Upon awareness of the security situation, the team enacted a comprehensive safeguarding procedure based on a principle of utmost caution, without awaiting confirmation of a specific breach. Key actions included proactively rotating all potentially exposed API keys, access tokens, and deployment credentials.

Confirmation of Protocol and User Fund Status

Following a thorough review, Orca confirms that the incident was confined to the front-end hosting environment. The underlying smart contract protocol – the on-chain core system managing all liquidity pools and transaction logic – remained entirely unaffected and operational.

Crucially, all user funds deposited within the protocol are secure. User digital asset security is managed directly by the smart contracts and is isolated from front-end services. These actions were preventive infrastructure security enhancements and did not involve any user wallet or asset control.

Ongoing Monitoring and Transparent Communication

The Orca team stated that its security engineers will continue monitoring system status and the third-party service environment. They commit to providing transparent, timely updates via official channels as more information from the investigation becomes available. This approach aims to uphold user trust and demonstrate their ongoing commitment to security standards within the decentralized finance space.