
Onyx Protocol Faces $3.8M Hack Due to Code Vulnerability

cryptonewsland.com, 27 September 2024 00:03 UTC
  • Onyx Protocol suffers a $3.8M hack due to a repeat flaw in its CompoundV2-based code.
  • Previous Onyx exploit in Oct 2023 led to a $2.1M loss, highlighting ongoing security issues.
  • Hexgate advises DeFi protocols to prevent token supply from hitting zero to avoid similar hacks.

The decentralized finance (DeFi) sector has witnessed another substantial financial breach with Onyx Protocol, a fork of Compound Finance, losing $3.8 million to hackers. This incident has intensified concerns over the security measures of decentralized protocols, especially those deriving their code bases from established platforms.

The breach, attributed to a known precision issue in the CompoundV2 code base, marks a repeat vulnerability that had previously facilitated a similar attack.

The Exploit Details

Blockchain security firm PeckShield first reported the suspicious transactions associated with OnyxDAO, which revealed the movement of large sums including 4.1 million VUSD and other cryptocurrencies such as XCN and USDT. The firm pointed out that the exploit was due to a precision issue that allowed the hacker to manipulate exchange rates and withdraw funds.

It seems today's victim @OnyxDAO (w/ >$3.8m loss) falls prey to a known precision issue in forked CompoundV2 code base. The drained funds include 4.1m VUSD, 7.35m XCN, 5k DAI, 0.23 WBTC, 50k USDT.

The bug is exploited to leverage a nearly empty market to manipulate the exchange… https://t.co/Apddu5aMbD pic.twitter.com/EKKRarFu5X

— PeckShield Inc. (@peckshield) September 26, 2024

This specific vulnerability had been exploited before in October 2023 when the same protocol was hacked for $2.1 million, emphasizing the recurring nature of the security flaw.

The implications of such vulnerabilities are profound, impacting user trust and the overall perception of security within the DeFi ecosystem. This incident underscores the critical need for rigorous security measures and constant vigilance among DeFi platforms, especially those using forked code bases, which might inherit unseen vulnerabilities.

Industry Response and Preventative Measures

In response to the breach, discussions within the DeFi community have centered around the adoption of more robust security practices for protocols using forked code bases. Security firm Hexgate suggested that protocols like Onyx could mitigate such vulnerabilities by ensuring that the total supply of their tokens never reaches zero, a condition that makes them susceptible to similar exploits.
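As an added illustration (not code from Onyx, Compound, Hexgate or PeckShield), the following Python sketch models CompoundV2-style exchange-rate arithmetic in simplified form and audits markets for the empty or nearly empty condition described above. The initial rate, the supply floor, the unit-value limit and the sample markets are all assumptions constructed for the example.

```python
from dataclasses import dataclass

MANTISSA = 10**18          # fixed-point scale of the exchange rate
INITIAL_RATE = 2 * 10**26  # assumed starting rate (0.02 underlying per cToken, 18/8 decimals)
MIN_SUPPLY = 10**8         # assumed floor: one whole cToken (8 decimals) always outstanding
MAX_UNIT_VALUE = 10**12    # assumed limit on underlying units per indivisible cToken unit

@dataclass
class Market:
    name: str
    cash: int          # underlying held by the market, smallest units
    borrows: int
    reserves: int
    total_supply: int  # cTokens outstanding, smallest units

def exchange_rate(m: Market) -> int:
    """Underlying per cToken, scaled by MANTISSA, using truncating integer division."""
    if m.total_supply == 0:
        return INITIAL_RATE
    return (m.cash + m.borrows - m.reserves) * MANTISSA // m.total_supply

def unit_value(m: Market) -> int:
    """Underlying value of one indivisible cToken unit: the most that a single
    truncation of a cToken amount can misprice."""
    return exchange_rate(m) // MANTISSA

def audit(markets):
    """Return {market name: [reason codes]} for markets that need attention."""
    findings = {}
    for m in markets:
        reasons = []
        if m.total_supply == 0:
            reasons.append("zero_supply")
        elif m.total_supply < MIN_SUPPLY:
            reasons.append("below_floor")
        if unit_value(m) > MAX_UNIT_VALUE:
            reasons.append("unit_value_high")
        if reasons:
            findings[m.name] = reasons
    return findings

# Constructed sample markets (not on-chain data).
SAMPLE = [
    Market("cHEALTHY", 1_000_000 * 10**18, 0, 0, 50_000_000 * 10**8),
    Market("cEMPTY", 0, 0, 0, 0),
    Market("cTHIN", 4_000 * 10**18, 0, 0, 2),
]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE).items():
        print(name, reasons)
```

In the healthy market one indivisible cToken unit is worth a negligible amount of underlying, so integer truncation is harmless; in the thin market the same rounding step is worth many whole tokens, which is why a supply floor matters.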

Moreover, the repeated nature of the breach at Onyx Protocol has prompted calls for enhanced community support and the implementation of advanced security protocols to prevent future incidents.

The DeFi community is now advocating for the creation of standardized security guidelines for all protocols, particularly those that fork from well-known projects like Compound Finance.
