Breaking
November 22, 2024

Onyx protocol hacked again for $3.8M through exchange rate exploit | usagoldmines.com

The Onyx lending and borrowing platform has been exploited for $3.8M. Hacken, the security auditing hub, analyzed the unusual activity on the platform and estimated the nature of the attack. 

Onyx Protocol has been affected by an exploit, losing $3.8M. The attack was achieved via a custom-generated malicious contract, deployed just minutes before calling to Onyx. The hacker managed to drain Virtual USD (VUSD), the protocol’s native stablecoin. This is the second hack for Onyx since November 3, 2023, when the TVL of the project also crashed. The exploit led to additional social media attacks, with faked links claiming to safeguard assets. The best approach is to only interact with the official social media of Onyx Protocol. 

Onyx announced that VUSD itself is not affected and will continue to function. However, the exploit ended up destroying the stablecoin’s peg, despite the extra collateral. VUSD crashed to a low of $0.39 and did not recover its $1 nominal level immediately. 

Virtual USD (VUSD) lost its $1 peg after the exploit, not recovering despite the collateral. | Source: Coinmarketcap

While the final sum that the hacker managed to withdraw is small, the protocol’s losses may be deeper. The VUSD token has a nominal circulating supply above $51M, but its current market capitalization is at $19M. 

Onyx faced precision exploit of its exchange rate

One of the reasons for the Onyx exploit was the availability of low-liquidity pools. Analysis by Hacken estimated the exploit was due to an exchange rate miscalculation, when there is low liquidity in some pairs. The hacker prepared a smart contract to swap WETH for Onyx ETH (oETH). 

Starting with a 2,000 WETH loan from Balancer, the hacker moved through several crypto assets. At the same time, the malicious contract spammed Onyx with a series of low-value ETH transactions. The result of the swaps and pool transfers netted the hacker with 3.8M VUSD, nominally valued at $3.8M. 

The final transaction managed to withdraw 300K VUSD, which were swapped for ETH using CoW Protocol split trades. The transactions caused some slippage and the VUSD price was lower than the $1 nominal, so one of the outgoing transactions was for $191K

Other assets from Onyx also affected

The series of attacks against Onyx pools affected several assets. Peckshield identified transfers of 4.1m VUSD, 7.35m Onyxcoin (XCN), 5k DAI, 0.23 WBTC, 50k USDT. All of the transfers happened in one transaction, carried out by the malicious smart contract. 

The hacker also took away multiple tokens: WETH, XCN, DAI, WBTC, and USDT. | Source: Etherscan

Onyx is a Compound V2 hard fork, carrying all the flaws of the protocol. Onyx itself has been hacked before in a similar way, exploiting value calculations and the exchange rate on illiquid pairs. 

Sonne Protocol was exploited in May, again due to known flaws on Compound V2, which affected all forked projects and have not been repaired. The flaw is seen whenever the protocol initiates new, unfunded markets. The introduction of new pairs in a dynamic DeFi space has multiplied the problem, leading to several hacks. 

Due to the miscalculation, the hacker could call the protocol’s smart contract and receive much bigger loans in exchange for negligible collateral. 

The current Onyx attack has a similar structure to the Sonne Protocol hack, again withdrawing a substantial amount of tokens for minimal collateral. The long series of 56 spam transactions whittled away at the Onyx exchange rate, again allowing the hacker to withdraw all funds for a tiny collateral. 

So far, no NFTs have been affected. Onyx Protocol hosts Bored Ape (BAYC) and Mutated Ape (MAYC) NFT for up to 37% annualized passive income. PeckShield also detected a flaw with the project’s NFT contract, though this has not led to an additional exploit.

The attack may be the work of a rogue employee

The Onyx protocol attack is relatively small, even compared to individual wallet attacks. The effect on the value of VUSD and other assets may be bigger. But the attack may be exposing another serious threat to crypto projects – rogue employees. 

The Onyx protocol exploit may be due to a North Korean hacker posing as a project developer. Researchers claim they have contacted the Onyx team with potential evidence of ties to DRPK hackers. 

On the other hand, the Compound V2 vulnerability is well-known, and may not have required insider knowledge to exploit. 

Cryptopolitan reporting by Hristina Vasileva

 

Recent:

Retail investors missed the 2024 Bitcoin (BTC) bull run Hristina Vasileva | usagoldmines.com
DeepSeek challenges OpenAI with transparent AI breakthrough, beating OpenAI in 3 parameters Shraddha...
South Korea’s Largest Political Party Launches Bid to Raise Crypto Tax Threshold Tim Alper | usagold...
Ethereum Approaches Range High as Catslap Presale Goes Viral – Is This the Best Meme Coin to Buy Now...
Dogecoin Set To Rally: Market Expert Claims DOGE’s Next Big Run Is Imminent Godspower Owie | usagold...
Charles Schwab to enter spot crypto market once regulations improve Assad Jafri | usagoldmines.com
US court strikes down controversial SEC ‘dealer’ rule Assad Jafri | usagoldmines.com
DeepSeek challenges OpenAI with transparent AI breakthrough, beating OpenAI in 3 parameters Shraddha...
Bitcoin Set For Price Correction Post Surge, Galaxy CEO Mike Novogratz Says Julia Smith | usagoldmin...
Dogecoin Top Holders With Big Moves, Is This the Next Coin to Go Parabolic? Hassan Shittu | usagoldm...
Top Crypto Gainers Today on DEXTools – SIMP, WSPnut, DDBAM Hassan Shittu | usagoldmines.com
Crypto Analyst Predicts 37% Upshoot For Dogecoin Price, Points Out Support Levels Scott Matherson | ...
Ethereum Sees Neutral Netflow On Binance: What Does This Signal? Samuel Edyme | usagoldmines.com
SEC Chair Gary Gensler to Step Down on January 20, 2025 Hassan Shittu | usagoldmines.com
Trump Considers Chris Giancarlo for First-Ever White House Crypto Czar Role Hongji Feng | usagoldmin...
Mastercard, J.P. Morgan Join Forces for Seamless Global Blockchain Payments Veronika Rinecker | usag...
Galaxy Digital CEO Mike Novogratz says Bitcoin reaching $100,000 is ‘just the start’ Gino Matos | us...
FTX finalizes Chapter 11 plan, distributions expected by January 2025 Jai Hamid | usagoldmines.com
As Bitcoin Nears $100,000, What’s Satoshi Nakamoto’s Net Worth? Arnold Kirimi | usagoldmines.com
Ethereum ETFs See Best Week Since Launch — Colossal Ether Bull Run Ahead? Muthoni Mary Kiama | usago...
Face-Melting XRP Rally Incoming? Crypto Nemesis Gary Gensler To Resign When Trump Assumes Office Bre...
MARA Completes $1 Billion Convertible Note Sale to Fund Bitcoin Acquisition Hongji Feng | usagoldmin...
Donald Trump Narrows Treasury Secretary Selection As He Meets With Billionaire Marc Rowan Julia Smit...
Former CSRC director Yao Qian implicated in cryptocurrency bribery scandal Brenda Kanana | usagoldmi...
Bitcoin Barrels Close To $98,000—Is The $100K Barrier Next? Christian Encila | usagoldmines.com
Trump eyeing former CFTC chair Chris Giancarlo for White House ‘crypto czar’ role Assad Jafri | usag...
Bitwise Registers Solana ETF in Delaware, Seeks SEC Approval Victor | usagoldmines.com
Coinbase Wallet Lets You Earn 4.7% APY on USDC Victor | usagoldmines.com
Trump Picks Crypto Ally Lutnick for Commerce Secretary Lawrence Mike Woriji | usagoldmines.com
Baidu experiences worst quarter sales decline in two years Enacy Mapakame | usagoldmines.com
SEC edges closer to Solana ETF approval amid political shifts Nellius Irene | usagoldmines.com
Former CFTC Chair Chris Giancarlo is Trump’s top pick for Crypto Czar Jai Hamid | usagoldmines.com
Meme coin searches reach a peak, hint at mainstream interest Hristina Vasileva | usagoldmines.com
Bitcoin Open Interest Hits ATH As BTC Nears $100K – What To Expect? Sebastian Villafuerte | usagoldm...
Trump’s Crypto Advisory Council to setup promised Strategic Bitcoin Reserve – Report Gino Matos | us...
Anthropic CEO encourages caution about the safety of AI models Shummas Humayun | usagoldmines.com
Elden Ring hits $20 for Black Friday Noor Bazmi | usagoldmines.com
Nvidia’s NVDA makes a new record high as stocks revive, Bitcoin tops $98,000 Jai Hamid | usagoldmine...
SUI network stalled block production for two hours Hristina Vasileva | usagoldmines.com
Microsoft Xbox Cloud Gaming enables streaming five years later Collins J. Okoth | usagoldmines.com
Huawei targets to mass produce Ascend 910C in Q1 2025 amid US sanctions Enacy Mapakame | usagoldmine...
Galaxy Digital CEO Mike Novogratz warns of Bitcoin correction soon, says market is overleveraged Jai...
Bitcoin whale MicroStrategy sees its stock plunge after Citron bets against it Jai Hamid | usagoldmi...
Elon Musk sets a Diablo 4 global record Noor Bazmi | usagoldmines.com
Ripple CLO urges new SEC leadership to “end all non-fraud crypto litigation on day 1” Brenda Kanana ...
SEC Chair Gary Gensler says he’ll step down on January 20th Jai Hamid | usagoldmines.com
Bitcoin Price Cements New All-Time High Above $98,000 As Traders Eye Landmark Six-Figure Price Brend...
White House Crypto Role Under Discussion as Bitcoin Hits $98,000 All-Time High Arnold Kirimi | usago...
MicroStrategy Ups Latest Convertible Note Offering To $2.6 Billion For Additional Bitcoin Purchases ...
Charles Hoskinson Eyes XRP Collaboration: DeFi, Stablecoins, and Midnight Integration in Focus Newto...
FTX Provides Details On $16 Billion Distribution Timeline For Customers And Creditors Ronaldo Marque...
SEC Chair Gary Gensler to step down on Jan. 20 Gino Matos | usagoldmines.com
TikTok Meme Coins The New Craze? Teenager Launches $QUANT On Stream and Goes Viral Sam Cooling | usa...
Two More Suspects Arrested in Crypto Influencer Murder Case Jimmy Aki | usagoldmines.com
ECB Pushes for Digital Euro Launch to Keep Pace with Global CBDC Race Jimmy Aki | usagoldmines.com
Best Crypto to Buy Now November 21 – FLOKI, RAY, FIL Jimmy Aki | usagoldmines.com
Bitcoin Price Almost Hits $98,000: Key Reasons Behind The Rally Jake Simmons | usagoldmines.com
Analyst Reveals When The Ethereum Price Will Reach A New ATH, It’s Closer Than You Think Scott Mathe...
CFPB spares self-hosted crypto wallets from new fintech regulations Assad Jafri | usagoldmines.com
MicroStrategy Bitcoin Bet Wreaks Havoc on Wall Street, MSTR Becomes Second Most Traded Stock After N...
U.S. Prosecutors Charge Five in $11M Crypto Theft and Hacking Scheme Ruholamin Haqshanas | usagoldmi...
Bitcoin Smashes Through $97,000 As Trump Team Signals At Firs-Ever White House Crypto Role Arslan Bu...
Reddit’s r/cryptocurrency Launches On-chain Domain for 9 Million Users Sead Fadilpašić | usagoldmine...
Bitcoin Nears 100K, Pushing ETH-to-BTC Ratio to March 2021 Low Veronika Rinecker | usagoldmines.com
Popcat Price Dips, New Meme Coin Launch Catslap Goes Viral: Best Crypto to Buy Now? Gary McFarlane |...
Is Bitcoin Cash Joining the Rally? BCH Price Up 17% In A Day Tim Hakki | usagoldmines.com
SEC closes BitClave chapter, distributes $4.6M to victims Ashish Kumar | usagoldmines.com
Chill Guy (CHILLGUY) takes over DEX trading despite copyright warnings from the author of the token’...
North Korea’s Lazarus Group steals 342,000 ETH from Upbit, South Korea’s Police confirm Florence Muc...
Marathon Digital raises $1B to buy Bitcoin Collins J. Okoth | usagoldmines.com
Peter Schiff : ‘Clearly I wish I bought Bitcoin’ Collins J. Okoth | usagoldmines.com
JP Morgan and Mastercard team up to bring foreign exchange on blockchain Noor Bazmi | usagoldmines.c...
Whale Alert: $2 Million PEPE Purchase Sees 105 Billion Tokens Snapped Up Christian Encila | usagoldm...
Polygon’s Sandeep Nailwal warns memecoin rug pulls like QUANT may invite regulatory crackdown Oluwap...
Michael Saylor loses voting rights at MicroStrategy – Will it affect Bitcoin? Florence Muchai | usag...
XRP Binance Inflows Spike: What It Means For Price Keshav Verma | usagoldmines.com
South Korea links major crypto heist to North Korea, recovers Bitcoin Oluwapelumi Adejumo | usagoldm...
Cryptocurrency clarified to be personal property in China, remains barred for businesses Oluwapelumi...
OpenAI accidentally deletes potential evidence crucial to its copyright lawsuit with the NY Times Co...
U.S founders responsible for nearly 50% of all crypto scam projects Collins J. Okoth | usagoldmines....
DEX activity on Solana is catching up with Ethereum Hristina Vasileva | usagoldmines.com
CZ Warns Crypto Community of macOS and iPhone Exploit Targeting Users Hassan Shittu | usagoldmines.c...
U.S. Bitcoin ETFs Surpass $100 Billion in Assets Amid BTC Rally Ruholamin Haqshanas | usagoldmines.c...
WisdomTree Launches Low-Cost XRP ETP on European Exchanges Tanzeel Akhtar | usagoldmines.com
Breaking: Sui Network Crashes for Over an Hour, Block Production Halted Hassan Shittu | usagoldmines...
Why is Ethereum Slacking This Bull Run? Could ETH Price Have a Breakout Moment Before End of 2024? S...
Just a Chill Guy Character Creator Moves to Enforce Copyright as $CHILLGUY Meme Coin Explodes Ruhola...
Bitfinex Hackers Saga: Netflix Doc Coming Soon, Laptop Now in the Smithsonian Sead Fadilpašić | usag...
Can Toncoin Overtake Shiba Inu? $TON Price Spikes, Market Cap Just Millions Away from $SHIB Tim Hakk...
Crypto Community’s Revenge: Solana Memecoin Rug-Pulled By Gen Z Trader Hits $80 Million Market Cap R...
SUI Price Crashes 10% As Blockchain Goes Dark, Halting Block Production Jake Simmons | usagoldmines....
Cardano Outperforms Market With 50% Surge: Here’s Why Keshav Verma | usagoldmines.com
Cardano’s Charles Hoskinson nominates Coinbase’s Brian Armstrong for Donald Trump’s crypto czar Oluw...
Sui network outage triggers 7% price drop despite broader bull market Oluwapelumi Adejumo | usagoldm...
Cardano (ADA) Price Soars as Whale Activity Surges Victor | usagoldmines.com
South Korea Names North Korea as Culprit Behind $41M Upbit Hack Ruholamin Haqshanas | usagoldmines.c...
Bitwise registers Solana Trust signalling future SEC application for SOL spot ETF Oluwapelumi Adejum...
Crypto Hack Alert: $640 Million Lost in Centralized Exchange Attacks Sohrab Khawas | usagoldmines.co...
The 2019 Upbit Hack Finally Solved: Shocking Details Vijay Gir | usagoldmines.com
XRP News: Will the XRP Price Hit $1.96 by November 24? Vignesh S G | usagoldmines.com

Leave a Reply