Onyx, a fork of DeFi lending protocol Compound Finance, suffered a loss of $3.2 million on Thursday, marking the second time the protocol’s smart contracts have been exploited in the past year.
According to security company Fuzzland, a malicious contract was distributed to Onyx at 11:57 a.m., about five minutes before the attack occurred. Competitors PeckShield and Cyvers also noticed suspicious transactions at OnyxDAO before the hack.
Cyvers noted that most of the losses occurred in VUSD, a US dollar-denominated stablecoin. The suspected attacker also had 521 ETH worth about $1.36 million and was reluctant to exchange the stolen assets, according to Cyvers.
According to PeckShield, which estimates losses to be close to $3.8 million, the attackers were able to siphon VUSD, DAI, and Tether stablecoins, among other cryptocurrencies, by exploiting a known bug in the forked Compound V2 code base.
“Another issue that facilitates hacking involves NFTLiquidation contracts. This was exploited to inflate self-liquidating reward amounts without properly validating (untrusted) user input,” PeckShield wrote on X.
Last October, Onyx suffered a $2.1 million attack and a flash loan attack that exploited an integer rounding vulnerability.
“Last year, the vulnerability was introduced when we forked a compromised complex code, so this time we introduced the vulnerability ourselves through a logic error,” Fuzzland founder Chaofan Shou said in a message to The Block.
© 2024 The Block. All rights reserved.
About the author
Daniel Kuhn is a senior journalist and editor at The Block, covering the cryptocurrency industry with a particular focus on technology. He previously served as Associate Editor for Opinion/Features at CoinDesk. He was first published in the trade publication Financial Planning. Before journalism, he studied philosophy as an undergraduate, English literature as a graduate student, and business and economics reporting in NYU’s professional program. Connect with him on Twitter and Telegram @danielgkuhn or find him on Urbit as ~dorrys-lonreb.