Onyx Protocol has become the latest victim of a significant exploit, losing a staggering $2.2 million worth of Ethereum (ETH) to malicious actors. The incident highlights the persistent challenges faced by DeFi projects and the need for robust security measures within the crypto space.
The Exploit Unveiled
Blockchain analytics company PeckShield uncovered the exploit and promptly informed the Onyx Protocol community, revealing a breach worth $2.1 million. The hacker’s wallet showed a balance of approximately 1,164 ETH, equivalent to $2.1 million, pointing to the scale of the attack.
The hackers executed their attack by swapping various tokens, including PEPE, USDC, USDT, Wrapped Bitcoin (WBTC), PAX Gold (PAXG), DAI, and Chainlink (LINK), for ETH. Subsequently, they moved the stolen ETH tokens to their wallet. The exploit did not stop there, with an additional $61,800 being siphoned off, pushing the total losses to around $2.2 million.
To further obfuscate their tracks, the attackers transferred the ill-gotten funds to another wallet and began using the crypto mixer Tornado Cash, making it challenging to trace and recover the stolen assets.
Onyx Protocol’s Silence
Notably, the Onyx Protocol has refrained from making an official statement regarding the breach. The lack of communication has left the DeFi community anxiously awaiting updates and answers as to how such a substantial exploit could occur.
Meir Dolev, the CTO of blockchain security firm Cyvers, shed some light on the situation, attributing the exploit to a “recognized rounding problem inherent in the widely-used CompoundV2 fork.” According to Dolev, the attackers took advantage of an issue related to how amounts were rounded off, thereby facilitating the breach.
This exploit echoes a similar vulnerability that was exploited in April, leading to a $7 million loss for Hundred Finance. The crypto community is increasingly recognizing the importance of identifying and addressing such vulnerabilities before they can be exploited.
The Onyx Protocol breach adds to the growing list of security challenges faced by DeFi projects, highlighting the critical need for continuous security audits and improvements to safeguard users’ assets. As the DeFi landscape continues to evolve, these incidents underscore the importance of resilience in the face of persistent threats.