On November 1st, Onyx Protocol encountered a substantial security breach, leading to a loss of approximately $2.1 million. To carry out the attack, the hackers adeptly leveraged a well-documented rounding-off discrepancy inherent to the widely used CompoundV2 fork.
The compromised oPEPE market had been deployed without any underlying liquidity. This vacant market was tactically manipulated through donations in order to secure loans from more liquid markets. Subsequently, the contributed funds were redeemed by capitalizing on the aforementioned, familiar rounding-off anomaly.
Onyx Protocol is a decentralized finance (DeFi) platform, providing users with the capability to generate yield from their assets and access borrowed funds backed by their collateral, encompassing a diverse array of cryptocurrencies, tokens, and NFTs.
PeckShield, a blockchain security and data analytics company, unveiled the intricate specifics of the breach on Twitter. In a sequence of tweets, the company disclosed the pivotal elements of the incident stating:
“the exploited oPEPE market was deployed 5 days ago without any liquidity. This empty market was abused with donation to borrow funds from other markets with liquidity. The donated funds were then redeemed by exploiting the known rounding issue.”
Merkle Science's Blockchain Forensics tool 'Tracker' visualizing the flow of funds
Summary of the Hack:
Merkle Science has taken immediate action to ensure that wallets associated with the Onyx Protocol hack have been tagged across all our tools. This shows direct/indirect exposure to wallets involved in the theft.
Furthermore, our advanced blockchain forensics tool, 'Tracker,' is optimized to provide optimal capabilities for analyzing DeFi and smart contract transactions. It boasts a watchlist feature that promptly alerts users to any inbound or outbound fund transfers from the attacker's address. Additionally, our system encompasses over 22 distinct blockchains and additional L2 chains, facilitating comprehensive fund flow analysis for investigators.