On Oct. 27, Onyx Protocol, a decentralized peer-to-peer lending platform, experienced a significant security breach, resulting in a loss of approximately $2.1 million due to an exploit in a low-liquidity market.
The attacker targeted a known bug—a rounding issue in the CompoundV2 fork, a popular framework in the DeFi space. This vulnerability went unnoticed by Onyx Protocol until blockchain investigator PeckShield identified and reported the incident.
PeckShield’s independent investigation revealed that the attacker exploited the oPEPE market, which was notably lacking in liquidity, by manipulating donations to borrow funds from other more liquid markets. They subsequently redeemed the borrowed funds through the exploitation of the rounding issue.
This is not the first instance of such an exploit; a similar attack was carried out on April 16 against the multichain lending protocol, Hundred Finance, resulting in a loss of $7 million. In the case of Hundred Finance, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, which enabled them to withdraw a larger amount of tokens than they initially deposited.
These recurring instances of cyber exploits highlight the pressing need for enhanced understanding and proficiency in tracking cryptocurrencies to mitigate such risks. The process encompasses transaction tracing, address clustering, behavioral analysis, pattern recognition, regulatory vigilance and collaboration—integral steps to ensure the integrity and security of decentralized finance platforms.