
Onyx Protocol loses $2.1M after latest security breach


DeFi lending platform Onyx Protocol fell victim to an exploit that exposed a well-known bug, raising concerns…




  • Exploit exposed a well-known bug related to a popular CompoundV2 fork
  • This wasn’t the first time this particular bug had been used in an attack

On 27 October, the decentralized peer-to-peer lending platform Onyx Protocol became the victim of a significant exploit, resulting in the loss of approximately $2.1 million. This exploit exposed a well-known bug related to a popular CompoundV2 fork, a vulnerability that had previously been leveraged in another attack in April.

Blockchain investigator PeckShield brought attention to this security breach and the underlying bug. Despite the potential for financial devastation, this event went unnoticed by the protocol.

 

The security breach centered around an oPEPE market on Onyx Protocol, which suffered from a liquidity deficit. The attacker seized upon this vulnerability, taking advantage of the market’s liquidity shortfall and a known rounding issue. The attack was initiated by making donations to borrow funds from other markets with healthier liquidity, diverting these acquired funds to the compromised oPEPE market.

Once in this market, the bad actors exploited the rounding issue, making it possible to redeem the donated funds and profit from the hack.


Familiar bug, different victim

Remarkably, this was not the first time this particular bug had been used in an attack. In April, an attacker similarly took advantage of this vulnerability to pilfer $7 million from Hundred Finance, a multichain lending protocol. That earlier attack involved the manipulation of the exchange rate between ERC-20 tokens and hTOKENS, which allowed the attacker to withdraw more tokens than they had initially deposited.
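The rounding issue and exchange-rate manipulation described above, as a simplified integer model for checking a market's exposure (an added example, not code from Onyx, Hundred Finance or Compound). It assumes the Compound V2 convention that the exchange rate is (cash + borrows - reserves) / totalSupply in fixed point and that a redeem burns amount / rate tokens, truncated; all balances, names and the rounding-up variant are constructed for illustration.

```python
SCALE = 10**18  # fixed-point scale for the exchange rate (model assumption)

def exchange_rate(cash, borrows, reserves, total_supply):
    """Underlying units per market-token unit, scaled by SCALE."""
    if total_supply <= 0:
        raise ValueError("model covers markets with outstanding supply only")
    return (cash + borrows - reserves) * SCALE // total_supply

def tokens_burned(redeem_amount, rate, round_up=False):
    """Market-token units burned to pay out redeem_amount of underlying."""
    scaled = redeem_amount * SCALE
    # Truncation favours the redeemer; ceiling division favours the pool.
    return -(-scaled // rate) if round_up else scaled // rate

def redeem_leak(cash, total_supply, redeem_amount, round_up=False):
    """Underlying paid out minus the value of the tokens actually burned."""
    rate = exchange_rate(cash, 0, 0, total_supply)
    burned = tokens_burned(redeem_amount, rate, round_up)
    return redeem_amount - burned * rate // SCALE

def leak_bps(cash, total_supply, redeem_amount, round_up=False):
    """The same leak in basis points of the pool, for alert thresholds."""
    leak = redeem_leak(cash, total_supply, redeem_amount, round_up)
    return leak * 10_000 // cash

# Constructed balances: both pools hold 10**24 underlying units.
POOL = 10**24
DEEP_SUPPLY = 5 * 10**15  # well-supplied market
THIN_SUPPLY = 2           # near-empty market whose cash arrived as a donation

if __name__ == "__main__":
    for name, supply in (("deep", DEEP_SUPPLY), ("thin", THIN_SUPPLY)):
        unit = exchange_rate(POOL, 0, 0, supply) // SCALE
        amount = 2 * unit - 1  # one underlying unit short of two token units
        print(name,
              "truncated:", leak_bps(POOL, supply, amount), "bps;",
              "rounded up:", redeem_leak(POOL, supply, amount, round_up=True))
```

With truncation the worst-case leak is just under the value of one token unit, so it is negligible in the deep market and close to half the pool in the thin one.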

The crypto sector has become synonymous with hacks lately. On 31 October, reports revealed that UniBot [UNIBOT] suffered a hacking incident. The team attributed the attack to a token approval exploit within their new router. This led to a temporary halt in response to the breach. The team later reassured users that they would reimburse any funds lost in the hack.



Saman is a News Editor at AMBCrypto. Her background in History and English expanded on her knack for editing and presenting all sides of a story without bias. With a strong will to learn, Saman is always up for exploring unknown territory, and crypto, with its ever-changing landscape, offers just that.