header banner
Default

An Onyx Protocol exploiter starts stealing $2 million in wealth from Tornado Cash


Table of Contents

    The bug the Onyx Protocol hacker exploited to steal $2.1 million was previously used by a hacker to extort $7 million from Hundred Finance.

    1827 Total views

    17 Total shares

    Onyx Protocol exploiter begins siphoning $2.1M loot on Tornado Cash

    Decentralized peer-to-peer lending platform Onyx Protocol lost roughly $2.1 million in an exploit of a market with no liquidity that was deployed on Oct. 27. 

    The Onyx Protocol hacker exploited a known bug, a rounding issue behind the popular CompoundV2 fork, explained blockchain investigator PeckShield soon after alerting about the hack that went unnoticed by the protocol.

    #PeckShieldAlert @OnyxProtocol has been exploited for ~2.1M pic.twitter.com/5Z50tCg6MD

    — PeckShieldAlert (@PeckShieldAlert) November 1, 2023

    The alleged liquidity lacking oPEPE market was “abused with donation to borrow funds from other markets with liquidity,” found PeckShield’s independent investigation on the matter.

    “The donated funds were then redeemed by exploiting the known rounding issue.”

    Previously, on April 16, an attacker exploited the same bug to steal $7 million from multichain lending protocol Hundred Finance.

    #CertiKSkynetAlert @HundredFinance’s attacker manipulated the exchange rate between ERC-20 tokens and htokens which allowed them to withdraw more tokens than they had originally deposited. The estimated losses of this attack is around $7.4 million.

    Stay vigilant! https://t.co/1hxAnFoNjj

    — CertiK Alert (@CertiKAlert) April 15, 2023

    In Hundred’s case, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing them to withdraw more tokens than originally deposited, according to CertiK.

    Related: Crypto thief steals $4.4M in a day as toll rises from LastPass breach

    Consistent hack attempts from bad actors require a greater understanding of the art of tracking cryptocurrencies.

    A recent Cointelegraph Research article details the various methods that can be used to fortify crypto security with blockchain analysis. As explained, tracking stolen crypto using blockchain analysis broadly involves six major steps: transaction tracing, address clustering, behavioral analysis, pattern recognition, regulatory vigilance and collaboration.

    Magazine: Slumdog billionaire: Incredible rags-to-riches tale of Polygon’s Sandeep Nailwal

    Sources


    Article information

    Author: Steven Garcia

    Last Updated: 1700166362

    Views: 990

    Rating: 3.8 / 5 (47 voted)

    Reviews: 95% of readers found this page helpful

    Author information

    Name: Steven Garcia

    Birthday: 1954-04-06

    Address: 11808 Alexis Island Suite 923, Ramirezside, WA 01746

    Phone: +4540447706247958

    Job: Physiotherapist

    Hobby: Poker, Beekeeping, Robotics, Orienteering, Skiing, Drone Flying, Scuba Diving

    Introduction: My name is Steven Garcia, I am a fearless, rare, forthright, skilled, rich, dear, expert person who loves writing and wants to share my knowledge and understanding with you.