DeFi Security Alert: Onyx Protocol's $2.1 Million Breach Exposes Ongoing Vulnerabilities
![](/media/articles/1698876423.jpg)
The crypto world witnessed another significant security breach on October 27 when Onyx Protocol, a decentralized peer-to-peer lending platform, fell victim to an audacious hack. The breach resulted in a staggering loss of approximately $2.1 million, sending shockwaves through the blockchain community. This incident, once again, shines a spotlight on the vulnerabilities that persist within the realm of decentralized finance (DeFi), particularly in markets with low liquidity.
The @OnyxProtocol hack leads to ~$2.1M loss by exploiting a known rounding issue behind the popular CompoundV2 fork. Basically, the exploited oPEPE market was deployed 5 days ago without any liquidity. This empty market was abused with donation to borrow funds from other… https://t.co/ijkXbOyYr2 pic.twitter.com/fbHdZhTz0E
— PeckShield Inc. (@peckshield) November 1, 2023
The attacker, in this case, demonstrated a deep understanding of the intricacies of DeFi by exploiting a known bug—a rounding issue in the CompoundV2 fork, a widely used framework in the DeFi space. This vulnerability managed to elude the scrutiny of Onyx Protocol's security measures until blockchain investigator PeckShield unveiled the breach.
PeckShield's independent investigation found that the attacker targeted the oPEPE market, which PeckShield says had been deployed without any liquidity five days before its report. The attacker abused this empty market with a donation to borrow funds from other, more liquid markets, and relied on the rounding issue to siphon off substantial sums of cryptocurrency.
#CertiKSkynetAlert @HundredFinance’s attacker manipulated the exchange rate between ERC-20 tokens and htokens which allowed them to withdraw more tokens than they had originally deposited. The estimated losses of this attack are around $7.4 million. Stay vigilant! https://t.co/1hxAnFoNjj
— CertiK Alert (@CertiKAlert) April 15, 2023
This unfortunate incident is not an isolated one; a similar attack had previously been executed on April 16, targeting the multichain lending protocol, Hundred Finance, resulting in a colossal loss of $7 million. In that instance, the attacker tampered with the exchange rate between ERC-20 tokens and hTOKENS, enabling them to withdraw a significantly larger amount of tokens than their initial deposit.
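The rounding issue in the empty oPEPE market and the exchange-rate manipulation reported for Hundred Finance both involve the exchange rate of a Compound V2-style market. As an added example (not code from Onyx, Compound or this article), the Python check below applies the Compound V2 exchange-rate formula with on-chain-style integer truncation to constructed market snapshots and flags collateral-enabled markets where a single token unit is worth a meaningful share of the pool. The `Market` fields, the assumed initial rate, the 1 ppm threshold and all sample values are assumptions.

```python
from dataclasses import dataclass

MANTISSA = 10**18  # fixed-point scale used by Compound V2 arithmetic

@dataclass
class Market:               # hypothetical snapshot format, not a real API
    name: str
    cash: int               # underlying held by the market, smallest units
    borrows: int
    reserves: int
    total_supply: int       # market tokens outstanding, smallest units
    collateral_factor: int  # scaled by 1e18; 0 = cannot back borrows
    initial_rate: int = 2 * 10**26  # assumed starting exchange rate

def exchange_rate(m):
    """Underlying per market token (scaled by 1e18), Compound V2 formula."""
    if m.total_supply == 0:
        return m.initial_rate
    return (m.cash + m.borrows - m.reserves) * MANTISSA // m.total_supply

def redeem_shortfall(m, amount):
    """Underlying paid out minus the value of the (truncated) tokens burned."""
    rate = exchange_rate(m)
    tokens_burned = amount * MANTISSA // rate  # integer division rounds down
    return amount - tokens_burned * rate // MANTISSA

def rounding_bound(m):
    """Ceiling of one token unit's value; the shortfall never exceeds it."""
    return -(-exchange_rate(m) // MANTISSA)

def audit(markets, max_ppm=1):
    """Flag collateral-enabled markets where truncation is not negligible."""
    findings = {}
    for m in markets:
        if m.collateral_factor == 0:
            continue  # market cannot back borrows elsewhere
        pool = m.cash + m.borrows - m.reserves
        if m.total_supply == 0:
            findings[m.name] = "collateral enabled with zero supply"
        elif rounding_bound(m) * 1_000_000 > pool * max_ppm:
            findings[m.name] = "one token unit exceeds %d ppm of pool" % max_ppm
    return findings

SAMPLES = [  # constructed snapshots, not on-chain data
    Market("established", 500 * 10**18, 100 * 10**18, 0, 3 * 10**12, 75 * 10**16),
    Market("new-unseeded", 0, 0, 0, 0, 60 * 10**16),
    Market("thin-inflated", 10**24, 0, 0, 2, 60 * 10**16),
    Market("new-no-collateral", 0, 0, 0, 0, 0),
]
```

Calling `audit(SAMPLES)` flags only the two collateral-enabled markets with no or negligible supply. Run against real snapshots before a market's collateral factor is raised above zero, and again on a schedule, the same check catches the empty-market state described above.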
These recurrent cyber exploits underscore the urgent need for a comprehensive understanding and proficiency in tracking cryptocurrencies to mitigate such risks. The process includes transaction tracing, address clustering, behavioral analysis, pattern recognition, regulatory vigilance, and collaboration—a holistic approach that is integral to preserving the integrity and security of decentralized finance platforms.
In the ever-evolving landscape of cryptocurrencies and DeFi, security remains paramount. The Onyx Protocol breach is a stark reminder that as the crypto industry advances, so too do the strategies of cybercriminals. To safeguard the future of DeFi, we must remain vigilant, adaptable, and proactive in our approach to security. Only through these measures can we continue to harness the potential of decentralized finance while minimizing the risks.