Breaking
December 4, 2024

Onyx protocol hacked again for $3.8M through exchange rate exploit | usagoldmines.com

The Onyx lending and borrowing platform has been exploited for $3.8M. Hacken, the security auditing hub, analyzed the unusual activity on the platform and estimated the nature of the attack. 

Onyx Protocol has been affected by an exploit, losing $3.8M. The attack was achieved via a custom-generated malicious contract, deployed just minutes before calling to Onyx. The hacker managed to drain Virtual USD (VUSD), the protocol’s native stablecoin. This is the second hack for Onyx since November 3, 2023, when the TVL of the project also crashed. The exploit led to additional social media attacks, with faked links claiming to safeguard assets. The best approach is to only interact with the official social media of Onyx Protocol. 

Onyx announced that VUSD itself is not affected and will continue to function. However, the exploit ended up destroying the stablecoin’s peg, despite the extra collateral. VUSD crashed to a low of $0.39 and did not recover its $1 nominal level immediately. 

Virtual USD (VUSD) lost its $1 peg after the exploit, not recovering despite the collateral. | Source: Coinmarketcap

While the final sum that the hacker managed to withdraw is small, the protocol’s losses may be deeper. The VUSD token has a nominal circulating supply above $51M, but its current market capitalization is at $19M. 

Onyx faced precision exploit of its exchange rate

One of the reasons for the Onyx exploit was the availability of low-liquidity pools. Analysis by Hacken estimated the exploit was due to an exchange rate miscalculation, when there is low liquidity in some pairs. The hacker prepared a smart contract to swap WETH for Onyx ETH (oETH). 

Starting with a 2,000 WETH loan from Balancer, the hacker moved through several crypto assets. At the same time, the malicious contract spammed Onyx with a series of low-value ETH transactions. The result of the swaps and pool transfers netted the hacker with 3.8M VUSD, nominally valued at $3.8M. 

The final transaction managed to withdraw 300K VUSD, which were swapped for ETH using CoW Protocol split trades. The transactions caused some slippage and the VUSD price was lower than the $1 nominal, so one of the outgoing transactions was for $191K

Other assets from Onyx also affected

The series of attacks against Onyx pools affected several assets. Peckshield identified transfers of 4.1m VUSD, 7.35m Onyxcoin (XCN), 5k DAI, 0.23 WBTC, 50k USDT. All of the transfers happened in one transaction, carried out by the malicious smart contract. 

The hacker also took away multiple tokens: WETH, XCN, DAI, WBTC, and USDT. | Source: Etherscan

Onyx is a Compound V2 hard fork, carrying all the flaws of the protocol. Onyx itself has been hacked before in a similar way, exploiting value calculations and the exchange rate on illiquid pairs. 

Sonne Protocol was exploited in May, again due to known flaws on Compound V2, which affected all forked projects and have not been repaired. The flaw is seen whenever the protocol initiates new, unfunded markets. The introduction of new pairs in a dynamic DeFi space has multiplied the problem, leading to several hacks. 

Due to the miscalculation, the hacker could call the protocol’s smart contract and receive much bigger loans in exchange for negligible collateral. 

The current Onyx attack has a similar structure to the Sonne Protocol hack, again withdrawing a substantial amount of tokens for minimal collateral. The long series of 56 spam transactions whittled away at the Onyx exchange rate, again allowing the hacker to withdraw all funds for a tiny collateral. 

So far, no NFTs have been affected. Onyx Protocol hosts Bored Ape (BAYC) and Mutated Ape (MAYC) NFT for up to 37% annualized passive income. PeckShield also detected a flaw with the project’s NFT contract, though this has not led to an additional exploit.

The attack may be the work of a rogue employee

The Onyx protocol attack is relatively small, even compared to individual wallet attacks. The effect on the value of VUSD and other assets may be bigger. But the attack may be exposing another serious threat to crypto projects – rogue employees. 

The Onyx protocol exploit may be due to a North Korean hacker posing as a project developer. Researchers claim they have contacted the Onyx team with potential evidence of ties to DRPK hackers. 

On the other hand, the Compound V2 vulnerability is well-known, and may not have required insider knowledge to exploit. 

Cryptopolitan reporting by Hristina Vasileva

 

Recent:

Cardano introduces plan 529 ahead of Plomin hard fork upgrade Brenda Kanana | usagoldmines.com
China’s AI boom raises 2 massive censorship red flags Shraddha Sharma | usagoldmines.com
Crypto regulations, security risk buzzes India Blockchain week Ashish Kumar | usagoldmines.com
Dogecoin Price Continues Trading Sideways But Bullish Pennant Says Get Ready For $1.30 Scott Mathers...
New York Mayor Eric Adams has the last laugh as Bitcoin hovers near $100k Gino Matos | usagoldmines....
Big $KOII Airdrop for Solana Seeker Pre-Orders Victor | usagoldmines.com
3 Top Low-Cap Altcoins: Best to Buy Now Stu L | usagoldmines.com
Coinbase Assets adds Gigachad (GIGA) and Turbo (TURBO) to its roadmap Hristina Vasileva | usagoldmin...
Citadel CEO Ken Griffin says he regrets not buying crypto in its bear market Florence Muchai | usago...
XRP’s meticulous 80% rise in 7 days: Is Forbes’ ‘Zombie Token’ list the next inverse fund bet? Shrad...
Putin says America is “eroding the foundation of its own economic dominance” Jai Hamid | usagoldmine...
Vestra DAO (VSTR) smart contract exploited less than a month after its launch Hristina Vasileva | us...
2 IcomTech Ponzi scheme promoters sentenced to 10 years in prison Florence Muchai | usagoldmines.com
Music Group Abba’s co-founder says ‘very unfair’ AI poses threat to artists revenue Hannah Collymore...
Donald Trump officially appoints pro-crypto Paul Atkins to replace Gary Gensler as SEC Chair Florenc...
Shibarium Upgrade Sparks SHIB Rally – Can It Propel Shiba Inu to $1? Hassan Shittu | usagoldmines.co...
Sol Strategies Sets the Stage for Growth with New Validator Acquisition Hassan Shittu | usagoldmines...
Binance Coin Hits All-Time High With Market Buzz Growing Around a New Coin Launch Tim Hakki | usagol...
Donald Trump Considering Caroline Pham, Perianne Boring for CFTC Chair Julia Smith | usagoldmines.co...
Why Are XRP and Cardano Going Up? This Low Cap Utility Token Blasts Past $2M In ICO  Tim Hakki | usa...
Grayscale’s Spot Solana ETF Could Ignite SOL to $400 – Here’s Why Bulls Are Watching Simon Chandler ...
BIT Mining Continues Focus on Litecoin and Dogecoin Mining Hongji Feng | usagoldmines.com
Dogecoin Is ‘Ready To Run Again’ – Analyst Expects 60% Rally Sebastian Villafuerte | usagoldmines.co...
Unyted + Vesa Vesa | usagoldmines.com
Trump confirms nomination of Paul Atkins as the new SEC chair Gino Matos | usagoldmines.com
Putin says Bitcoin is inevitable, endorses BTC over US dollar as global reserve currency Assad Jafri...
Tron’s TRX Copies XRP With Epic 70% Price Explosion To New All-Time High Of $0.43 Brenda Ngari | usa...
Michael Saylor Goes Mega Bullish, Points to $180,000 Bitcoin Price Aliyu Pokima | usagoldmines.com
Flockerz Raises $4.3M in Presale, Set to Become the Next Meme Coin Like $PNUT – $1B Market Cap Poten...
XRP Traders Rotate Profits Into Trending Meme Coin Catslap, $SLAP Price up 272% in 7 Days, CEX Listi...
BNB Price Surge: Upbeat Momentum Builds After $724 Breakout Godspower Owie | usagoldmines.com
South Korea’s crypto volumes spike as Woori eyes over $300 million Upbit exit Oluwapelumi Adejumo | ...
2024’s top performing layer 1 networks: CoinGecko report Florence Muchai | usagoldmines.com
The global economy might miss its chance for growth recovery next year, says OECD Jai Hamid | usagol...
The Fed’s reaction to Trump’s tariffs will be powerful – and quite negative Jai Hamid | usagoldmines...
Russia’s president Putin goes full-on pro-crypto, says no one can ban Bitcoin Jai Hamid | usagoldmin...
Exchange tokens BNB, BGB, and GT hit all-time high (ATH) levels Florence Muchai | usagoldmines.com
Tron to adopt MicroStrategy’s playbook Brenda Kanana | usagoldmines.com
Ripple’s RLUSD stablecoin launch set for Dec 2024 – Here’s all you need to know before the launch Fl...
Regulatory uncertainty to blame for dismal uptake of stablecoins in global e-commerce Nellius Irene ...
Crypto’s Biggest Ever Meme Coin Presale Pepe Unchained ($PEPU) Raises an Unprecedented $70 Million a...
XRP Surges Amid Bullish Wedge Pattern – Analyst Claims It Will Never Drop ‘Below $2 Again’ Simon Cha...
Best Crypto to Buy Now December 4 – TRX, HYPE, MNT Jimmy Aki | usagoldmines.com
Safe Aims for Visa-Like Crypto Payments with Safenet Cross-Chain Transactions Hassan Shittu | usagol...
U.S. Government Transfers $33.6 Million in Seized FTX Crypto to Strange Addresses Jimmy Aki | usagol...
PEPE Price Surges 128% in November, While WEPE Token Presale Storms to $400K – Could $WEPE Be Decemb...
Hut 8 Launches $500M ATM Program and $250M Stock Repurchase Plan Hongji Feng | usagoldmines.com
The Fed’s reaction to Trump’s tariffs will be powerful – and quite negative Jai Hamid | usagoldmines...
$1.87B Bitcoin Withdrawals From Coinbase In 24H – What This Means To Price Sebastian Villafuerte | u...
Ethereum Price Is About To Confirm A Golden Cross On The Daily Time Frame, Here’s What Happened Last...
2024’s top performing layer 1 networks: CoinGecko report Florence Muchai | usagoldmines.com
Ripple, Cardano lead altcoin surge as market cap nearly doubles to $1.55 trillion Oluwapelumi Adejum...
Australia’s ASIC explores stablecoins, wrapped tokens in new crypto framework Oluwapelumi Adejumo | ...
PancakeSwap introduces SpringBoard, its own meme token launch platform Hristina Vasileva | usagoldmi...
Argo Blockchain Records $3.4 Million Revenue Despite Decline in Bitcoin Mining Jimmy Aki | usagoldmi...
Bitcoin Price Action Forms ‘Symmetrical Triangle’ Pattern – Breakout to $100,000 Incoming? Simon Cha...
XRP Under The Microscope: Will It Break $2.9? Key Support Levels And Future Targets Ronaldo Marquez ...
Phantom Wallet Simplifies Crypto with Email and PIN Victor | usagoldmines.com
GAIB Secures $5M to Create AI Compute Economic Layer Victor | usagoldmines.com
Magic Eden Launches on Sei Network Victor | usagoldmines.com
Celebrating Crypto’s Early Icons: BTCC OG Week Honors Bitcoin and Meme Coin Pioneers KEY Difference ...
Australia’s ASIC proposes updates to crypto asset guidance Vignesh Karunanidhi | usagoldmines.com
Britain plans to take on the US as a global crypto hub — but can they? Florence Muchai | usagoldmine...
Bank of Korea Governor says interest rate cuts unlikely after unprecedented political unrest Florenc...
Tezos Aims to Democratize Uranium Trading with Blockchain-Based Uranium.io Platform Ruholamin Haqsha...
U.S. Spot Bitcoin ETFs See $676M in Inflows as Holdings Surpass 1M BTC Ruholamin Haqshanas | usagold...
If Dogecoin Mirrors Last Cycle, The Surge To $4 Begins At Week’s End Jake Simmons | usagoldmines.com
After Ripple’s XRP surge price now compares to America’s top 100 companies by market cap Oluwapelumi...
Phantom Safe from Solana Web3.js Bug; Upgrade to 1.95.8 Urged Hassan Shittu | usagoldmines.com
PancakeSwap Reveals No-Code Token Launchpad Platform ‘SpringBoard’ Sead Fadilpašić | usagoldmines.co...
Missouri Senate introduces bill to disqualify CBDCs as legal tender Liam 'Akiba' Wright | usagoldmin...
Bitcoin Well Adopts Canada’s First Bitcoin Treasury Victor | usagoldmines.com
Former Celsius CEO Alex Mashinsky Pleads Guilty to Fraud Victor | usagoldmines.com
Why is the crypto market down today? Liquidations near $600M, and bulls take a rest Florence Muchai ...
Whales are accumulating Solana (SOL) and Pepe (PEPE), what may be the reason? Hristina Vasileva | us...
Whale Activity Sparks Chainlink Rally, $52 Target On Traders’ Radar Christian Encila | usagoldmines....
Coinbase faces backlash over discouraging VPN access due to security concerns Oluwapelumi Adejumo | ...
Bitcoin Drops 30% on Upbit Amid South Korean Martial Law Victor | usagoldmines.com
South Korea Delays Crypto Tax for Two Years Victor | usagoldmines.com
Dubai’s virtual asset regulator issues alert against XT.com and six other crypto entities Lara Abdul...
South Korean Won strengthens, while XRP, BTC, and equities tank amid calls for the president to step...
XRP Price Eying Biggest Run In Years As Expert Tip Massive Bull Flag Pattern Aliyu Pokima | usagoldm...
Hut 8 Moves to Dismiss Shareholder Lawsuit, Claims It Stemmed From a Short Seller Ruholamin Haqshana...
Ethereum Price Dips, But Analysts Predict Explosive Surge to $15,000—Here’s Why Samuel Edyme | usago...
Bitcoin ETFs cross $1 billion in early December as price threatens $100k Liam 'Akiba' Wright | usago...
XRP Price Prediction: Can It Break Through the $3 Barrier Before January? Qadir AK | usagoldmines.co...
Australia’s New Crypto Rules Says Crypto Compliance No Longer Optional!  Mustafa Mulla | usagoldmine...
Virgin Voyages Accepts Bitcoin for Annual Cruise Pass Victor | usagoldmines.com
Binance Coin (BNB) breaks to new ATH, boosted by general altcoin trend Hristina Vasileva | usagoldmi...
Wall Street’s December opens cold, but a thaw may be around the corner Jai Hamid | usagoldmines.com
Siberian Local Gov’t Official Caught ‘Illegally Mining Crypto in His Garage’ Tim Alper | usagoldmine...
Ex-Celsius CEO Alex Mashinsky Pleads Guilty to Fraud Charges in Crypto Lender Scandal Shalini Nagara...
Australia’s Financial Watchdog Calls for Opinions on Digital Asset Regulation Updates Shalini Nagara...
South Korea Hits Record $34 Billion Trade Volume as President Declares Martial Law Ruholamin Haqshan...
‘Bitcoin Jesus’ Roger Ver Fights Tax Case, Claims Violation of Constitutional Rights Shalini Nagaraj...
Hydra Founder Sentenced to Life in Prison by Russian Court for Running $5 Billion Crypto Black Marke...
Solana supply chain attack contained, but users face six-figure losses Oluwapelumi Adejumo | usagold...
Crypto News | XRP, DOGE Fuel Massive Change in South Korea’s Market Structure: Details Wayne Jones ...
Crypto News | Pandana (PNDN) Reaches $600K Presale Milestone in Evolving Memecoin Market Chainwire ...
Crypto News | Tron (TRX) Enters ‘Banana Zone’ Exploding 70% to All-Time High Martin Young | usagold...

Leave a Reply