
Onyx protocol exploited a second time for $3.8M via known bug

News Feed - 2024-09-27 11:09:45

Christopher Roark, 10 hours ago

The decentralized finance app lost nearly $4 million thanks to an interaction between an old bug and a new input validation vulnerability.

Decentralized finance (DeFi) protocol Onyx was exploited for $3.8 million on Sept. 26, according to a report from blockchain security platform PeckShield. The exploit used a known bug in the Compound Finance v2 codebase — one that had already been used to exploit Onyx previously on Nov. 1. A vulnerability in the non-fungible token (NFT) liquidation contract also contributed to the exploit, the report stated.


In a Sept. 27 X post, the Onyx team claimed that the faulty NFT contract was the root cause of the exploit.


According to the PeckShield report, 4.1 million virtual USD (VUSD), 7.35 million Onyxcoin (XCN), 0.23 Wrapped Bitcoin (WBTC), $5,000 worth of the Dai (DAI) stablecoin and $50,000 worth of the USDt (USDT) stablecoin were drained from the protocol, for a total of over $3.8 million in losses.

Source: PeckShield


The known vulnerability exists in version 2 of Compound Finance, which is a codebase often forked and used by decentralized finance protocols. It led to an exploit against Hundred Finance in April 2023. In October 2023, the vulnerability was used against Onyx for the first time.




The flaw can only be exploited when an “empty market,” or a market with no liquidity, exists, which generally only happens when a new market is launched.
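A pre-execution check for the empty-market precondition described above, as an added example that is not code from the article, PeckShield or Onyx. It replays a listing proposal and reports any step after which a market with no seeded supply can be used as collateral. It assumes the policy of seeding a new market before raising its collateral factor, which the article does not describe; `MIN_SEED`, the `oNEW` market and the proposal tuples are constructed, and `mint` values are simplified to the cTokens minted.

```python
from dataclasses import dataclass, replace

MIN_SEED = 10**8  # assumed policy floor (raw cToken units); not a value from the article

@dataclass
class Market:
    total_supply: int = 0        # cToken totalSupply, raw units
    collateral_factor: int = 0   # mantissa scaled by 1e18 (0 = not usable as collateral)

def review_listing(actions, state=None, min_seed=MIN_SEED):
    """Replay ordered proposal actions over a copy of the market state and
    report every step after which an empty market counts as collateral."""
    markets = {name: replace(m) for name, m in (state or {}).items()}
    findings = []
    for step, (fn, name, value) in enumerate(actions, start=1):
        m = markets.setdefault(name, Market())
        if fn == "_supportMarket":
            continue                      # listing leaves supply and factor at zero
        if fn == "mint":
            m.total_supply += value       # simplification: value = cTokens minted
        elif fn == "redeem":
            m.total_supply = max(0, m.total_supply - value)
        elif fn == "_setCollateralFactor":
            m.collateral_factor = value
        else:
            findings.append((step, name, f"unreviewed action {fn}"))
            continue
        if m.collateral_factor > 0 and m.total_supply < min_seed:
            findings.append((step, name, "empty market usable as collateral"))
    return findings

# Constructed proposals for a hypothetical new market "oNEW".
UNSAFE = [("_supportMarket", "oNEW", None),
          ("_setCollateralFactor", "oNEW", 6 * 10**17),
          ("mint", "oNEW", 5 * 10**8)]
SAFE = [("_supportMarket", "oNEW", None),
        ("mint", "oNEW", 5 * 10**8),
        ("_setCollateralFactor", "oNEW", 6 * 10**17)]

if __name__ == "__main__":
    for label, proposal in (("unsafe", UNSAFE), ("safe", SAFE)):
        print(label, review_listing(proposal))
```

The same replay also covers an existing market being drained back to empty: pass its current supply and collateral factor as `state` and include the `redeem` actions.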


The Onyx team acknowledged the exploit in an X post. “Onyx Protocol was subject to a security incident where a nefarious actor exploited the protocol to drain VUSD from the protocol,” it stated. However, it claimed that the known flaw was not its primary cause. “The primary issue wasn’t an empty market but the NFTLiquidation Contract,” it stated in a thread.


PeckShield agreed that the NFT contract was “[a]nother issue that facilitates the hack.” The faulty contract allowed the attacker to “inflate the self-liquidation reward amount” because it didn’t “properly validate (untrusted) user input.”

Onyx NFT contract vulnerability. Source: PeckShield


DeFi exploits are a common source of losses for Web3 users. On Sept. 27, liquid staking protocol Bedrock lost over $2 million due to a vulnerability in its uniBTC contract. On Sept. 23, Bankroll Network was drained of $230,000 when an attacker made multiple self-transfers, exploiting a faulty “buyFor” function to inflate their profits.
