Home » Latest News » Onyx Protocol Loses $3.8 Million in Preventable Hack

Onyx Protocol Loses $3.8 Million in Preventable Hack

Onyx Protocol, a DeFi platform built as a fork of Compound Finance, has lost $3.8 million in a recent hack. This attack adds to the growing list of security breaches within the crypto space. 

Onyx Protocol logo with a background representing a cybersecurity breach
Source: https://blog.onyx.org/onyx-protocol-v2-launch-plan-c26788a8a49d

Hackers Drain $3.8 Million from Onyx 

Blockchain security firm PeckShield was the first to raise alarms about suspicious transactions on OnyxDAO. They soon confirmed a $3.8 million loss, with hackers already swapping the stolen funds. Web3 security company Cyvers also verified the attack, noting that most of the stolen assets were VUSD stablecoins. 

Investigations show that the hacker exploited a bug in the protocol’s code, which is based on Compound V2. The attacker siphoned 4.1 million VUSD, 7.35 million XCN, 5,000 DAI, 0.23 WBTC, and 50,000 USDT. The flaw allowed the hacker to manipulate exchange rates in a near-empty market. 

This isn’t the first time Onyx Protocol has been targeted. In October 2023, hackers exploited a similar issue, stealing $2.1 million. Both incidents point to the same vulnerability—rounding errors inherited from the Compound V2 code. 

A Common Problem in DeFi Forks 

Many DeFi platforms are open-source, meaning developers often build on existing code instead of creating new code from scratch. While this can increase efficiency, it also means vulnerabilities in the original code may be passed along to forked projects like Onyx. 

Security experts note that these attacks were preventable. The crypto industry has seen similar exploits, and guidance on preventing such issues is widely available. 

This attack follows another major incident this week, with Truflation, a decentralized infrastructure, losing $4.6 million to a similar exploit. These ongoing breaches underscore the urgent need for stronger security measures across the crypto industry.

September 27, 2024 at 9:10 am

Updated September 27, 2024 at 9:10 am

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top