Onyx Protocol loses $2.1M after latest security breach

Exploit Exposes Bug in Popular CompoundV2 Fork

On 27 October, the decentralized lending platform Onyx Protocol fell victim to a significant exploit, resulting in the loss of approximately $2.1 million. The exploit exposed a well-known bug related to a popular CompoundV2 fork, the same bug that had been used in another attack back in April.

Security Breach Goes Unnoticed

Despite the potential for financial devastation, the exploit went unnoticed by the protocol until blockchain investigator PeckShield brought attention to the security breach and the underlying bug.

The exploit targeted an oPEPE market on Onyx Protocol that was already suffering from a liquidity deficit. The attacker took advantage of this vulnerability and a known rounding issue, making donations to borrow funds from other markets with healthier liquidity. These funds were then redirected to the compromised oPEPE market, where the rounding issue could be exploited to redeem the donated funds and profit from the hack.

A Familiar Bug Strikes Again

Surprisingly, this bug had already been used in a previous attack. In April, an attacker exploited the same vulnerability to steal $7 million from Hundred Finance, a multichain lending protocol. This attack involved manipulating the exchange rate between ERC-20 tokens and hTOKENS, allowing the attacker to withdraw more tokens than they had initially deposited.
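The rounding issue and exchange-rate manipulation described above can be checked for from the defender's side. The sketch below is an added example, not code from Onyx, Hundred Finance or PeckShield. It assumes Compound V2 style share accounting, in which the exchange rate is (cash + borrows - reserves) / total supply and a redeem-by-amount converts underlying to shares with truncating division. All names, thresholds and figures are constructed.

```python
from dataclasses import dataclass

SCALE = 10**18  # fixed-point scale for the exchange rate (assumed, Compound V2 style)

@dataclass
class Market:
    name: str
    cash: int          # underlying held by the market, smallest units
    borrows: int       # underlying lent out
    reserves: int      # underlying set aside for the protocol
    total_supply: int  # share tokens outstanding, smallest units

def exchange_rate(m: Market) -> int:
    """Underlying per share unit, scaled by SCALE. Requires total_supply > 0."""
    return (m.cash + m.borrows - m.reserves) * SCALE // m.total_supply

def shares_burned(m: Market, underlying_out: int, round_up: bool) -> int:
    """Shares removed for a redeem-by-amount request.
    round_up=False models the truncating conversion; round_up=True is the
    hardened variant that rounds against the redeemer."""
    num = underlying_out * SCALE
    rate = exchange_rate(m)
    return -(-num // rate) if round_up else num // rate

def rounding_leak(m: Market, underlying_out: int) -> int:
    """Underlying paid out that the truncated share burn does not cover."""
    floor = shares_burned(m, underlying_out, round_up=False)
    return underlying_out - floor * exchange_rate(m) // SCALE

def is_thin(m: Market, max_unit_value: int) -> bool:
    """Flag a market where one smallest share unit is worth more than
    max_unit_value underlying units, so a one-unit rounding error is material."""
    if m.total_supply == 0:
        return True  # empty market: nothing anchors the exchange rate yet
    return exchange_rate(m) // SCALE > max_unit_value

# Constructed sample markets (not real on-chain data).
THIN = Market("thin", cash=1_000_000, borrows=0, reserves=0, total_supply=2)
HEALTHY = Market("healthy", cash=1_000_000, borrows=0, reserves=0,
                 total_supply=50_000_000)

if __name__ == "__main__":
    for m, amount in ((THIN, 999_999), (HEALTHY, 999)):
        print(m.name,
              "floor burn:", shares_burned(m, amount, False),
              "ceil burn:", shares_burned(m, amount, True),
              "leak:", rounding_leak(m, amount),
              "flagged:", is_thin(m, max_unit_value=1_000))
```

In the thin market the truncated burn leaves about half of the payout uncovered, while in the healthy market the two rounding modes agree and the leak is zero, which is why a minimum-supply or unit-value check is worth running before a market is listed or while it is live.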

The crypto industry has seen an increase in the number of hacks. Just recently, UniBot suffered a hacking incident due to a token approval exploit. The team behind UniBot has taken measures to address the breach and reassure users that any lost funds will be reimbursed.

