Facebook X (Twitter) Instagram LinkedIn Medium Reddit
CRYPTO PRODUCTS
Facebook X (Twitter) Instagram LinkedIn Medium Reddit

DeFi Protocol Onyx Loses $3.8 Million in Exploit

Share IT

Key Takeaways

  • Reportedly, a  weakness in the NFT liquidation contract mainly contributed to the breach
  • The hacker exploited including 4.1 million VUSD, 7.35 million XCN, 0.23 WBTC, $5,000 worth of Dai stablecoin, and $50,000 in USDT stablecoin, totaling more than $3.8 million.

Leading decentralized finance (DeFi) protocol Onyx suffered a major exploit, resulting in a loss of $3.8 million, as per blockchain security platform PeckShield. The attack leveraged a known vulnerability in the Compound Finance v2 codebase.

In November 2023, Onyx Protocol lost roughly $2.1 million when the hacker exploited the same known bug, a rounding issue behind the popular CompoundV2 fork. In this latest instance, a weakness in the non-fungible token (NFT) liquidation contract also contributed to the breach, as confirmed by the PeckShield report.

The Onyx team addressed the exploit in a post on X (formerly Twitter) on September 27, acknowledging that the faulty NFT liquidation contract played a central role. โ€œOnyx Protocol was subject to a security incident where a nefarious actor exploited the protocol to drain VUSD from the protocol,โ€ the post read, clarifying that the NFT contract flaw was the main culprit rather than the previously known Compound vulnerability.

PeckShield’s analysis revealed that the attacker siphoned off a variety of digital assets, including 4.1 million virtual USD (VUSD), 7.35 million Onyxcoin (XCN), 0.23 Wrapped Bitcoin (WBTC), $5,000 worth of Dai stablecoin, and $50,000 in USDT stablecoin, totaling more than $3.8 million.

The Compound Finance v2 vulnerability, which affected several DeFi protocols, had been exploited before, including a notable breach of Hundred Finance in April 2023. It primarily targets what is called an “empty market,” or one with no liquidity, which is a situation that usually arises when a new market is launched.

However, this time, Onyx pointed out that while the known flaw in the Compound codebase played a part, the primary issue lay within the NFT liquidation contract. PeckShieldโ€™s report backed this, stating that the NFT contract failed to properly validate user input, allowing the attacker to inflate the self-liquidation reward amount.

The latest development comes days after an Immunefi report which revealed that in the third quarter of 2024, crypto hacks and scams amounted to $413 million in losses, which is a significant decrease from Q3 2023, where hackers stole $686 million.

Share IT
Saniya Raahath
Saniya Raahath

Get Daily Updates

Crypto News, NFTs and Market Updates

Related Posts

Trending now

online casinos in uganda
Discover the Best Online Casinos in Uganda for 2024
Ethereum Name Service
Ethereum Name Service (ENS)- An Overview
Permissionless Vs Permissioned Blockchain
Permissionless Blockchain vs Permissioned Blockchain
Best Deriv Alternatives
10 Best Deriv Alternatives to Know About
Spotify Podcast Youtube Rss

Crypto Products

Can’t find what you’re looking for? Type below and hit enter!

Facebook-f Twitter Instagram Linkedin-in Medium-m Reddit-alien
logo
Spotify Podcast Youtube Rss

Can’t find what you’re looking for? Type below and hit enter!

Facebook-f Twitter Instagram Linkedin-in Medium-m Reddit-alien