Onyx Protocol exploiter begins siphoning $2.1M loot on Tornado Cash

4



Decentralized peer-to-peer lending platform Onyx Protocol lost roughly $2.1 million in an exploit of a market with no liquidity that was deployed on Oct. 27. 

The Onyx Protocol hacker exploited a known bug, a rounding issue behind the popular CompoundV2 fork, explained blockchain investigator PeckShield soon after alerting about the hack that went unnoticed by the protocol.

The alleged liquidity lacking oPEPE market was “abused with donation to borrow funds from other markets with liquidity,” found PeckShield’s independent investigation on the matter.

“The donated funds were then redeemed by exploiting the known rounding issue.”

Previously, on April 16, an attacker exploited the same bug to steal $7 million from multichain lending protocol Hundred Finance.

In Hundred’s case, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing them to withdraw more tokens than originally deposited, according to CertiK.

Related: Crypto thief steals $4.4M in a day as toll rises from LastPass breach

Consistent hack attempts from bad actors require a greater understanding of the art of tracking cryptocurrencies.

A recent Cointelegraph Research article details the various methods that can be used to fortify crypto security with blockchain analysis. As explained, tracking stolen crypto using blockchain analysis broadly involves six major steps: transaction tracing, address clustering, behavioral analysis, pattern recognition, regulatory vigilance and collaboration.

Magazine: Slumdog billionaire: Incredible rags-to-riches tale of Polygon’s Sandeep Nailwal