In a stunning revelation, the OnyxProtocol platform has suffered a massive loss of approximately $2.1 million, stemming from a cleverly executed exploit that targeted a rounding issue within the widely used CompoundV2 fork. The blockchain security company Peckshield Alert brought this security breach to light in a recent X post.
The @OnyxProtocol hack leads to ~$2.1M loss by exploiting a known rounding issue behind the popular CompoundV2 fork.
— PeckShield Inc. (@peckshield) November 1, 2023
Basically, the exploited oPEPE market was deployed 5 days ago without any liquidity. This empty market was abused with donation to borrow funds from other… https://t.co/ijkXbOyYr2 pic.twitter.com/fbHdZhTz0E
oPEPE, the targeted market, was introduced a mere five days before the attack, with no initial liquidity in place. Seizing this opportunity, the attacker donated to borrow funds from other markets already flush with liquidity. This ill-gotten capital was then cashed in by exploiting the well-documented rounding issue, laying bare a significant vulnerability in the system.
Interestingly, this identical vulnerability had been previously leveraged in the Hundred Finance hack, leading to an additional loss of approximately $7 million. This recurring trend underscores the pressing need for bolstered security measures within the blockchain ecosystem.
The platform has also reported an ongoing attack on the OnyxProtocol, resulting in an additional estimated loss of approximately $61.8k. The unwavering persistence of these attacks serves as a stark and sobering reminder of the relentless threats faced by the blockchain community.
#PeckShieldAlert @OnyxProtocol is under an ongoing attack. Another 1 for ~$61.8K pic.twitter.com/iBCoL80yBT
— PeckShieldAlert (@PeckShieldAlert) November 1, 2023
The recent development is indeed alarming. PeckShield’s recent disclosure in an X post unveils that Onyx Protocol has managed to obscure the origin of 100 Ethereum (ETH) tokens by employing TornadoCash. This maneuver has significantly heightened the challenge of tracing the illicit funds. This event serves as a stark reminder of the escalating ingenuity of cybercriminals in evading detection, emphasizing the indispensable requirement for continuous vigilance and scrutiny in the cryptocurrency sector.
#PeckShieldAlert Onyx Protocol Exploiter has laundered 100 $ETH to #TornadoCash pic.twitter.com/jFB4fwmCv3
— PeckShieldAlert (@PeckShieldAlert) November 1, 2023
As the blockchain realm grapples with these challenges, stakeholders are urged to remain vigilant and proactive in implementing robust security measures to shield against future exploits. The OnyxProtocol hack is a stark reminder of the ever-evolving landscape of cyber threats and the urgent need for continuous innovation in security protocols.
