Onyx DeFi Protocol Loses $2.1 Million in Hack Exploiting Rounding Issue
In Brief
DeFi protocol Onyx Protocol suffered a hack, leading to a loss of around US$2.1 million.
Decentralized finance (DeFi) protocol Onyx reported a loss of approximately $2.1 million in a recent breach. Security threat monitoring platform Beosin’s EagleEye first highlighted the breach, emphasizing their capability in tracking stolen assets.
The tweet from PeckShield Inc. detailed that the Onyx hack was orchestrated by exploiting a recognized rounding problem prevalent in the CompoundV2 fork. The compromised oPEPE market, set up a mere five days prior to the attack, began with no liquidity.
Malicious actors manipulated this barren market, donating to then borrow funds from more liquid markets. They subsequently claimed the donated funds by manipulating the aforementioned rounding vulnerability. It’s worth noting that a similar flaw was the culprit in a prior hack of #HundredFinance, which experienced a staggering loss of around $7 million.
The @OnyxProtocol hack leads to ~$2.1M loss by exploiting a known rounding issue behind the popular CompoundV2 fork.
— PeckShield Inc. (@peckshield) November 1, 2023
Basically, the exploited oPEPE market was deployed 5 days ago without any liquidity. This empty market was abused with donation to borrow funds from other… https://t.co/ijkXbOyYr2 pic.twitter.com/fbHdZhTz0E
Blockchain Protocol Security in October
In a broader review of blockchain security, Beosin’s monitoring platform suggests a positive trend for October 2023. Losses stemming from security lapses dipped considerably, dropping by 85.6% in comparison to September’s figures. The month of October saw just over 23 distinct security breaches that cumulatively led to losses approximating $51.61 million.
This sum, while substantial, is attributable to hacker attacks, phishing attempts, and Rug Pulls. Dissecting these figures further, direct attacks were responsible for about $28.33 million, Rug Pull schemes for nearly $12.02 million, and phishing activities accounted for close to $11.26 million.
Among the most alarming breaches in October was a $7 million pilfering from the Fantom Foundation’s wallet, a $6 million unauthorized withdrawal from Coins.ph, a Philippines-centric crypto exchange, and a theft of roughly $4.4 million from the acclaimed password management utility, LastPass.
Each of these infractions were connected to the compromising of private keys. Further adding to October’s list were numerous Rug Pull events, each surpassing the million-dollar threshold. One worth mentioning involved the Web3 game project, FinSoul. The project’s developer, Fintoch, had prior associations with deceitful undertakings.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.
More articles
Nik is an accomplished analyst and writer at Metaverse Post, specializing in delivering cutting-edge insights into the fast-paced world of technology, with a particular emphasis on AI/ML, XR, VR, on-chain analytics, and blockchain development. His articles engage and inform a diverse audience, helping them stay ahead of the technological curve. Possessing a Master's degree in Economics and Management, Nik has a solid grasp of the nuances of the business world and its intersection with emergent technologies.
