Attacker Exploits Rounding Issue to Steal $2.1 Million From Onyx Protocol

DeFi Hack
Last updated:
Author
Author
Ruholamin Haqshanas
About Author

Ruholamin Haqshanas is a contributing crypto writer for CryptoNews. He is a crypto and finance journalist with over four years of experience. Ruholamin has been featured in several high-profile crypto...

Last updated:
Why Trust Cryptonews
For over a decade, Cryptonews has covered the cryptocurrency industry, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews
Ad DisclosureWe believe in full transparency with our readers. Some of our content includes affiliate links, and we may earn a commission through these partnerships.
Image Source: Pixabay

DeFi project Onyx Protocol has fallen victim to a security breach, losing more than $2 million worth of crypto assets.

According to a recent post by blockchain security firm Polyzoa, the attacker exploited a rounding issue within the Onyx Protocol to steal $2.1 million worth of funds from the platform.

“The attacker exploited this issue to steal $2.1M from the oPEPE market, which had been deployed just five days prior with no liquidity,” the post read.

To execute the exploit, the attacker initiated their scheme by making a seemingly innocuous donation of a small sum to the oPEPE market.

This enabled them to borrow a substantial amount of funds from other markets that possessed ample liquidity. The donated funds were utilized as collateral for the borrowing process.

“The attacker then redeemed the borrowed funds, exploiting the rounding issue to make a profit.”

It is worth noting that this attack bears similarities to the exploit employed in the Hundred Finance hack.

In that instance, the attacker manipulated interest rates to borrow a higher sum than anticipated, ultimately achieving their malicious objectives.

Onyx Protocol is a blockchain-based technology company that claims to provide a wiser economic model.

The project creates cryptographic ledgers and cloud infrastructure that supports Web3 services and financial products.

Onyx Protocol has not yet addressed the attack.

Crypto Players Join Forces to Compete Against Scams

Just yesterday, MetaMask announced that it has teamed up with security firm Blockaid to introduce a new feature aimed at bolstering user security.

As of now, MetaMask desktop users have the option to opt-in to the new security feature by enabling the MetaMask experimental setting and adding the Privacy Preserving Offline Module (PPOM).

Developed by MetaMask, PPOM serves as an offline security engine that simulates and validates transactions and signatures before signing them.

It achieves this by utilizing node RPC communication requests to a configured node provider, ensuring that no sensitive data is sent to external servers.

In another attempt to fight bad actors, a U.S.-led alliance comprising forty countries has committed to signing a pledge that they will never pay ransom to cybercriminals.

The initiative, known as the International Counter Ransomware Initiative, is intended to eliminate the funding mechanism for hackers.

The move comes as the number of ransomware attacks continues to grow globally, with the United States being the hardest hit, accounting for 46% of such attacks.

According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.

In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits. 

More Articles

News
IcomTech Promoter Sentenced To Decade In Federal Prison
Julia Smith
Julia Smith
2024-12-04 22:11:25
DeFi News
Sol Strategies Sets the Stage for Growth with New Validator Acquisition
Hassan Shittu
Hassan Shittu
2024-12-04 19:20:27
Crypto News in numbers
editors
Authors List + 66 More
2M+
Active Monthly Users Around the World
250+
Guides and Reviews Articles
8
Years on the Market
70
International Team Authors