
Onyx protocol exploited a second time for $3.8M via known bug

News Feed - 2024-09-27 11:09:45

Christopher Roark

The decentralized finance app lost nearly $4 million thanks to an interaction between an old bug and a new input validation vulnerability.

Decentralized finance (DeFi) protocol Onyx was exploited for $3.8 million on Sept. 26, according to a report from blockchain security platform PeckShield. The exploit used a known bug in the Compound Finance v2 codebase — one that had already been used to exploit Onyx previously on Nov. 1. A vulnerability in the non-fungible token (NFT) liquidation contract also contributed to the exploit, the report stated.


In a Sept. 27 X post, the Onyx team claimed that the faulty NFT contract was the root cause of the exploit.


According to the PeckShield report, 4.1 million virtual USD (VUSD), 7.35 million Onyxcoin (XCN), 0.23 Wrapped Bitcoin (WBTC), $5,000 worth of the Dai (DAI) stablecoin and $50,000 worth of the USDt (USDT) stablecoin were drained from the protocol, for a total of over $3.8 million in losses.

Source: PeckShield


The known vulnerability exists in version 2 of Compound Finance, which is a codebase often forked and used by decentralized finance protocols. It led to an exploit against Hundred Finance in April 2023. In October 2023, the vulnerability was used against Onyx for the first time.


Related: Onyx Protocol suffers $2.1M Hundred Finance copycat attack


The flaw can only be exploited when an “empty market,” or a market with no liquidity, exists, which generally only happens when a new market is launched.


The Onyx team acknowledged the exploit in an X post. “Onyx Protocol was subject to a security incident where a nefarious actor exploited the protocol to drain VUSD from the protocol,” it stated. However, it claimed that the known flaw was not its primary cause. “The primary issue wasn’t an empty market but the NFTLiquidation Contract,” it stated in a thread.


PeckShield agreed that the NFT contract was “[a]nother issue that facilitates the hack.” The faulty contract allowed the attacker to “inflate the self-liquidation reward amount” because it didn’t “properly validate (untrusted) user input.”

Onyx NFT contract vulnerability. Source: PeckShield


DeFi exploits are a common source of losses for Web3 users. On Sept. 27, liquid staking protocol Bedrock lost over $2 million due to a vulnerability in its uniBTC contract. On Sept. 23, Bankroll Network was drained of $230,000 when an attacker made multiple self-transfers, exploiting a faulty “buyFor” function to inflate their profits.
