Attacker Exploits Rounding Issue to Steal $2.1 Million From Onyx Protocol



DeFi project Onyx Protocol has fallen victim to a security breach, losing more than $2 million worth of crypto assets.

According to a recent post by blockchain security firm Polyzoa, the attacker exploited a rounding issue within the Onyx Protocol to steal $2.1 million worth of funds from the platform.

“The attacker exploited this issue to steal $2.1M from the oPEPE market, which had been deployed just five days prior with no liquidity,” the post read.

The attacker began with a seemingly innocuous donation of a small sum to the oPEPE market.

With the donated funds serving as collateral, they were then able to borrow a substantial amount from other markets that had ample liquidity.

“The attacker then redeemed the borrowed funds, exploiting the rounding issue to make a profit.”

It is worth noting that this attack bears similarities to the exploit employed in the Hundred Finance hack.

In that instance, the attacker manipulated interest rates to borrow a higher sum than anticipated, ultimately achieving their malicious objectives.
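A generic illustration of how a rounding issue of this kind can arise in a thinly supplied market, added here as an example; it is not Onyx Protocol's code or Polyzoa's analysis. It assumes a share-based market in which withdrawals burn shares. The function names, the `min_shares` threshold and all figures are constructed.

```python
# Added illustration: a generic share-accounting model, not Onyx Protocol's code.
# Every name, threshold and number below is constructed for this example.

def ceil_div(a, b):
    """Integer division that rounds up instead of truncating."""
    return -(-a // b)

def shares_to_burn(amount, cash, total_shares, round_up):
    """Shares a holder must give up to withdraw `amount` of underlying."""
    num = amount * total_shares
    return ceil_div(num, cash) if round_up else num // cash

def underpayment(amount, cash, total_shares, round_up):
    """Underlying withdrawn beyond the value of the shares burned (0 if none)."""
    burned = shares_to_burn(amount, cash, total_shares, round_up)
    value_of_burned = burned * cash // total_shares
    return max(0, amount - value_of_burned)

def safe_to_list(total_shares, min_shares=1_000):
    """Assumed listing policy: no collateral use until a minimum share supply
    exists, so a single share can never stand for a large amount of underlying."""
    return total_shares >= min_shares

# Constructed thin market: almost no shares, cash raised by a direct transfer.
THIN = {"cash": 2_000_001, "total_shares": 2}
# Constructed deep market: one share per unit of underlying.
DEEP = {"cash": 2_000_001, "total_shares": 2_000_001}

if __name__ == "__main__":
    for name, m in (("thin", THIN), ("deep", DEEP)):
        for round_up in (False, True):
            lost = underpayment(1_999_999, m["cash"], m["total_shares"], round_up)
            mode = "round up" if round_up else "truncate"
            print(f"{name:4} {mode:8} underpaid={lost:>7} "
                  f"listable={safe_to_list(m['total_shares'])}")
```

Rounding the burned share count in the market's favour removes the shortfall, and the supply check keeps a freshly deployed market out of collateral use until one share is worth too little for rounding to matter.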

Onyx Protocol is a blockchain-based technology company that claims to provide a wiser economic model.

The project creates cryptographic ledgers and cloud infrastructure that supports Web3 services and financial products.

Onyx Protocol has not yet addressed the attack.

Crypto Players Join Forces to Compete Against Scams

Just yesterday, MetaMask announced that it has teamed up with security firm Blockaid to introduce a new feature aimed at bolstering user security.

As of now, MetaMask desktop users can opt in to the new security feature by enabling the MetaMask experimental setting and adding the Privacy Preserving Offline Module (PPOM).

Developed by MetaMask, PPOM serves as an offline security engine that simulates and validates transactions and signatures before signing them.

It achieves this by utilizing node RPC communication requests to a configured node provider, ensuring that no sensitive data is sent to external servers.

In another attempt to fight bad actors, a U.S.-led alliance comprising forty countries has committed to signing a pledge that they will never pay ransom to cybercriminals.

The initiative, known as the International Counter Ransomware Initiative, is intended to eliminate the funding mechanism for hackers.

The move comes as the number of ransomware attacks continues to grow globally, with the United States being the hardest hit, accounting for 46% of such attacks.

According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.

In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits. 
