• Onyx Protocol suffers a $3.8M hack due to a repeat flaw in its CompoundV2-based code.
• Previous Onyx exploit in Oct 2023 led to a $2.1M loss, highlighting ongoing security issues.
• Hexgate advises DeFi protocols to prevent token supply from hitting zero to avoid similar hacks.

The decentralized finance (DeFi) sector has seen another substantial breach: Onyx Protocol, a fork of Compound Finance, lost $3.8 million to hackers. This incident has intensified concerns over the security measures of decentralized protocols, especially those deriving their code bases from established platforms.

The breach, attributed to a known precision issue in the CompoundV2 code base, marks a repeat vulnerability that had previously facilitated a similar attack.

The Exploit Details

Blockchain security firm PeckShield first reported the suspicious transactions associated with OnyxDAO, which revealed the movement of large sums including 4.1 million VUSD and other cryptocurrencies such as XCN and USDT. The firm pointed out that the exploit was due to a precision issue that allowed the hacker to manipulate exchange rates and withdraw funds. 

It seems today's victim @OnyxDAO (w/ >$3.8m loss) falls prey to a known precision issue in forked CompoundV2 code base. The drained funds include 4.1m VUSD, 7.35m XCN, 5k DAI, 0.23 WBTC, 50k USDT.

The bug is exploited to leverage a nearly empty market to manipulate the exchange… https://t.co/Apddu5aMbD pic.twitter.com/EKKRarFu5X

— PeckShield Inc. (@peckshield) September 26, 2024

This specific vulnerability had been exploited before in October 2023 when the same protocol was hacked for $2.1 million, emphasizing the recurring nature of the security flaw.

The implications of such vulnerabilities are profound, impacting user trust and the overall perception of security within the DeFi ecosystem. This incident underscores the critical need for rigorous security measures and constant vigilance among DeFi platforms, especially those using forked code bases which might inherit unseen vulnerabilities.

Industry Response and Preventative Measures

In response to the breach, discussions within the DeFi community have centered around the adoption of more robust security practices for protocols using forked code bases. Security firm Hexgate suggested that protocols like Onyx could mitigate such vulnerabilities by ensuring that the total supply of their tokens never reaches zero, a condition that makes them susceptible to similar exploits.
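
Hexgate's recommendation above can be turned into a monitoring check. The following is an added example, not code from Onyx, Hexgate or Compound: it applies the CompoundV2 stored exchange-rate formula to market snapshots and flags markets whose cToken supply is zero or near zero, where a single unit of integer rounding is worth a large amount of underlying. The two threshold constants, the `Market` fields and the market names are assumptions made for the example.

```python
from dataclasses import dataclass

EXP_SCALE = 10**18  # CompoundV2 fixed-point scale (expScale)

# Assumed policy values for this example, not figures from Hexgate or Onyx.
MIN_TOTAL_SUPPLY = 10**8   # floor on cTokens outstanding (1 cToken at 8 decimals)
MAX_UNIT_VALUE = 10**15    # max underlying (smallest units) one cToken unit may be worth


@dataclass(frozen=True)
class Market:
    name: str
    cash: int            # underlying held by the market, smallest units
    total_borrows: int
    total_reserves: int
    total_supply: int    # cTokens outstanding, smallest units


def exchange_rate(m: Market):
    """Stored rate as CompoundV2 computes it; None when no cTokens exist."""
    if m.total_supply == 0:
        return None
    return (m.cash + m.total_borrows - m.total_reserves) * EXP_SCALE // m.total_supply


def unit_value(m: Market) -> int:
    """Underlying that one smallest cToken unit represents, i.e. what a
    single unit of integer truncation in mint/redeem math is worth."""
    rate = exchange_rate(m)
    return 0 if rate is None else rate // EXP_SCALE


def assess(m: Market) -> list:
    findings = []
    if m.total_supply == 0:
        findings.append("supply-zero")
    elif m.total_supply < MIN_TOTAL_SUPPLY:
        findings.append("supply-below-floor")
    if unit_value(m) > MAX_UNIT_VALUE:
        findings.append("rounding-exposure")
    return findings


# Constructed snapshots (18-decimal underlying, 8-decimal cToken); not on-chain data.
HEALTHY = Market("cHEALTHY", 5_000_000 * 10**18, 1_000_000 * 10**18, 10_000 * 10**18, 2_995 * 10**13)
NEAR_EMPTY = Market("cTHIN", 2_000 * 10**18, 0, 0, 2)
EMPTY = Market("cNEW", 0, 0, 0, 0)

if __name__ == "__main__":
    for m in (HEALTHY, NEAR_EMPTY, EMPTY):
        print(m.name, exchange_rate(m), unit_value(m), assess(m))
```

In the constructed healthy market one cToken unit represents 2e8 of the underlying's smallest units; in the near-empty one it represents 1e21, which is the condition the supply floor is meant to rule out.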

Moreover, the repeated nature of the breach at Onyx Protocol has prompted calls for enhanced community support and the implementation of advanced security protocols to prevent future incidents. 

The DeFi community is now advocating for the creation of standardized security guidelines for all protocols, particularly those that fork from well-known projects like Compound Finance.
