- The exploit exposed a well-known flaw associated with a popular CompoundV2 fork.
- This specific flaw had previously been used in other attacks.
On October 27, a major exploit hit the decentralised peer-to-peer lending network Onyx Protocol, causing a loss of about $2.1 million. The hack exposed a well-known flaw associated with a popular CompoundV2 fork; the same vulnerability was previously used in another attack in April.
PeckShield, a blockchain investigator, made this security breach and its underlying issue public. The protocol failed to recognise this event, even though it may have caused financial ruin.
The security compromise centred on Onyx Protocol's oPEPE market, which had a liquidity shortfall. The attacker exploited the market's lack of liquidity together with a well-known rounding problem. The attack started with donations that were used to borrow money from other markets that had better liquidity. The acquired money was then sent to the compromised oPEPE market.
Once inside this market, the hackers took advantage of the rounding problem, which allowed them to profit from the attack and redeem the donated money.
Same Bug, Distinct Victim
Surprisingly, this specific issue had already been leveraged in an attack. In April, an attacker used the same vulnerability to steal $7 million from the multichain lending platform Hundred Finance. In that earlier hack, the exchange rate between hTOKENS and ERC-20 tokens was manipulated, which allowed the attacker to take out more tokens than they had put in.
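Both incidents involve the same market state: a Compound V2-style market with almost no shares outstanding, where the exchange rate can move so far that integer rounding becomes material. The following added example checks for that state from the defender's side. It is not code from Onyx, Hundred Finance or PeckShield; the exchange-rate formula is the one in the public Compound V2 contracts, while the field names, thresholds and snapshot values are constructed assumptions.

```python
# Added example: flag Compound V2-style markets whose state makes rounding material.
SCALE = 10**18  # fixed-point scale ("mantissa") used by Compound V2 math

def exchange_rate(m):
    """Underlying per share unit, scaled by 1e18 (public Compound V2 formula)."""
    if m["total_supply"] == 0:
        return m["initial_rate"]
    return (m["cash"] + m["borrows"] - m["reserves"]) * SCALE // m["total_supply"]

def assess_market(m, min_supply=10**6, max_rate_drift=1000):
    """Return findings for one snapshot; both thresholds are hypothetical."""
    rate = exchange_rate(m)
    findings = []
    # Few or no shares outstanding while the market still counts as collateral.
    if m["collateral_factor"] > 0 and m["total_supply"] < min_supply:
        findings.append("thin-supply")
    # Rate far above its listing value, well beyond normal interest accrual.
    if rate > m["initial_rate"] * max_rate_drift:
        findings.append("rate-inflated")
    # One indivisible share unit is worth at least one whole underlying token,
    # so every integer division in share accounting can misprice by that much.
    if rate // SCALE >= 10 ** m["underlying_decimals"]:
        findings.append("rounding-material")
    return findings

BASE = {"initial_rate": 2 * 10**26, "underlying_decimals": 18,
        "borrows": 0, "reserves": 0, "collateral_factor": 6 * 10**17}

# Constructed snapshots, not on-chain data from any real market.
SNAPSHOTS = {
    "healthy": {**BASE, "cash": 60_000 * 10**18, "borrows": 46_000 * 10**18,
                "reserves": 1_000 * 10**18, "total_supply": 5 * 10**14},
    "empty-listed": {**BASE, "cash": 0, "total_supply": 0},
    "empty-no-collateral": {**BASE, "cash": 0, "total_supply": 0,
                            "collateral_factor": 0},
    "thin-inflated": {**BASE, "cash": 50 * 10**18, "total_supply": 2},
}

def scan(snapshots):
    """Map market name -> findings, keeping only markets that need attention."""
    results = {name: assess_market(m) for name, m in snapshots.items()}
    return {name: f for name, f in results.items() if f}

if __name__ == "__main__":
    for name, findings in scan(SNAPSHOTS).items():
        print(f"{name}: {', '.join(findings)}")
```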
Recently, hacking has come to be associated with the crypto industry. According to sources, UniBot [UNIBOT] was hacked on October 31. The team identified a token approval exploit in their new router as the cause of the attack. As a result, the reaction to the breach was temporarily put on hold. The team then reassured users that any money lost due to the hack would be reimbursed.