The assault was carried out in the kind of a flash loan by exploiting a vulnerability in the Onyx protocol database code, triggering much more than $two.one million in harm.
DeFi Protocol The Onyx Protocol Has Been Drained of $two.one Million by Hackers
On the evening of November one, 2023, blockchain safety unit PeckShield reported an assault on the DeFi protocol named Onyx Protocol, with an original estimated reduction of more than $two.one million.
The report states that the attacker withdrew the money by exploiting a rounding vulnerability in the Onyx database code, triggering losses and impacting the accuracy of the task (precision reduction). This vulnerability stems from an earlier edition of the Compound V2 fork that Onyx integrated into its underlying architecture.
THE @OnyxProtocol the hack prospects to a reduction of about $two.one million by exploiting a recognized rounding difficulty behind the well-liked CompoundV2 fork.
Basically, the exploited oPEPE market place opened five days in the past with no liquidity. This empty market place has been abused with donations to borrow money from many others… https://t.co/ijkXbOyYr2 pic.twitter.com/fbHdZhTz0E
— PeckShield Inc. (@peckshield) November 1, 2023
Specifically, kThe attacker flash loaned a important volume of ETH, exchanged it for PEPE, and then deposited money into a precise pool to manipulate the exchange price. Due to the influence of reduction of accuracy, hackers had been capable to withdraw much more assets than the pool price.
Soon immediately after, the Onyx protocol attacker promptly dispersed the complete stolen volume of more than one,164 ETH (equivalent to about $two.one million) to the wallet tackle. “0x4C9C8661243E9E9a15A35B8873317eb881330c98“.
PeckShield believes the Onyx protocol incident is related to the Hundred Finance assault that induced $seven.four million in harm in April 2023, forcing the task to shut down and come up with a compensation prepare for customers.
Just more than an hour later on, in accordance to PeckShield, all of the stolen cash was laundered by hackers by means of Tornado Cash – transaction mixing protocol on Ethereum whose co-founder, Roman Semanov, was arrested by the US government.
— PeckShieldAlert (@PeckShieldAlert) November 1, 2023
Flash lending is a well-liked kind of “hot lending”, which lets customers to borrow significant sums of cash without having mortgaging assets, as prolonged as the loan is repaid inside the very same block of transactions.
According to PeckShield statistics, 386 DeFi attacks occurred in the initially six months of 2023, with a complete reduction worth of $479 million. Of these, 71% of the attacks had been carried out by means of flash loans, in this situation Euler Finance was “live witness”, followed by Platypus, 0VIX and Allbridge…
As you can see, fast loan it is normally a fatal weakness that brings about significant harm to the array DeFi not too long ago. This is also the trouble that blockchain safety and auditing corporation Quantstamp desires to resolve collectively by means of a new initiative.
Join the discussion on the hottest problems in the DeFi market place in the chat group Coinlive Chats Let’s join the administrators of Coinlive!!!