Connect with us
Active Currencies 14032
Market Cap $2,460,395,971,674.82
Bitcoin Share 50.59%
24h Market Cap Change $5.22
Global News

Onyx Protocol loses $2.1M after latest security breach

2min Read

DeFi lending platform Onyx Protocol fell victim to an exploit that exposed a well-known bug, raising concerns…
Posted: | Last updated: November 28th, 2023
Avatar
editors
Onyx Protocol loses $2.1M after latest security breach
Avatar
editors
Posted: | Last updated: November 28th, 2023

Share this article

  • Exploit exposed a well-known bug related to a popular CompoundV2 fork
  • This wasn’t the first time this particular bug had been used in an attack

On 27 October, the decentralized peer-to-peer lending platform Onyx Protocol became the victim of a significant exploit, resulting in the loss of approximately $2.1 million. This exploit exposed a well-known bug related to a popular CompoundV2 fork, a vulnerability that had previously been leveraged in another attack in April.

Blockchain investigator PeckShield brought attention to this security breach and the underlying bug. Despite the potential for financial devastation, this event went unnoticed by the protocol.

 

The security breach centered around an oPEPE market on Onyx Protocol, which suffered from a liquidity deficit. The attacker seized upon this vulnerability, taking advantage of the market’s liquidity shortfall and a known rounding issue. The attack was initiated by making donations to borrow funds from other markets with healthier liquidity, diverting these acquired funds to the compromised oPEPE market.

Once in this market, the bad actors exploited the rounding issue, making it possible to redeem the donated funds and profit from the hack.

Familiar bug, different victim

Remarkably, this was not the first time this particular bug had been used in an attack. In April, an attacker similarly took advantage of this vulnerability to pilfer $7 million from Hundred Finance, a multichain lending protocol. The earlier attack, which affected Hundred Finance, involved the manipulation of the exchange rate between ERC-20 tokens and hTOKENS. This manipulation allowed the attacker to withdraw more tokens than they had initially deposited.

The crypto-sector has become synonymous with hacks lately. On 31 October, reports revealed that UniBot [UNIBOT] suffered a hacking incident. The team attributed the attack to a token approval exploit within their new router. This led to a temporary halt in response to the breach. The team later reassured users that they would reimburse any funds lost in the hack.

 

Previous:
Next:

Share

Avatar
Saman Waris works as a News Editor at AMBCrypto. She has always been fascinated by how the tides of finance and technology shape communities across demographics. Cryptocurrencies are of particular interest to Saman, with much of her writing centered around understanding how ideas like Momentum and Greater Fool theories apply to altcoins, specifically, memecoins. A graduate in history, Saman worked the sports beat before diving into crypto. Prior to joining AMBCrypto 2 years ago, Saman was a News Editor at Sportskeeda. This was preceded by her stint as Editor-in-Chief at EssentiallySports.
Read the best crypto stories of the day in less than 5 minutes
Subscribe to get it daily in your inbox.
Please check the format of your first name and/or email address.

Thank you for subscribing to Unhashed.