- OnyxProtocol (XCN) suffers a $2.1 million loss in a DeFi hack.
- Scammers use the same vulnerability as the earlier Hundred Finance hack.
- The attackers manipulated an empty contract and used a rounding error within the contract’s redemption function.
The prominent decentralized finance (DeFi) lending protocol OnyxProtocol (XCN) has become one of the latest targets for crypto scammers. In a recent post on the X platform (formerly Twitter), the renowned blockchain security threat tracker SlowMist disclosed that OnyxProtocol lost over $2.1 million following an exploit.
According to the SlowMist team, the hacker exploited the same vulnerability previously exploited in the Hundred Finance hack that occurred early this year. Specifically, the scammers borrowed more funds than expected by manipulating interest rates.
Moreover, SlowMist disclosed that the hacker moved the stolen funds to the well-known sanctioned crypto mixer Tornado Cash to obfuscate traces of the crypto assets. Meanwhile, in a related conversation, PeckShield, another blockchain security tracker, added further context to the OnyxProtocol hack.
PeckShield noted that the scammer’s transaction exploited the oPEPE market, which had been deployed five days earlier and had no liquidity. Subsequently, the empty market was manipulated by making donations to it, essentially a flash loan, enabling the attacker to borrow funds from other markets that have liquidity. The attacker then exploited a rounding error to redeem the donated funds.
Similarly, PeckShield stated that the attack was identical to the one observed in Hundred Finance, in which over seven million dollars were lost. According to an April blog post by growth hacker Rob Behnke, Hundred Finance initially established its WTC hTokens contracts by creating two similar contracts, one active and one empty.
Subsequently, attackers abused the exchange rate between WTC and hWTC by donating to the empty contract, draining its value, while also taking advantage of the rounding error in the contract’s redemption function. “This hack highlighted the dangers of copy-pasting code from third parties,” Behnke remarked on the Hundred Finance exploit.
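The rounding issue described above can be seen in a small integer-arithmetic model. This is an added example, not code from the article, OnyxProtocol or Hundred Finance: the `Market` class, the `thin_market_risk` check, its threshold and all values are constructed, and the share accounting is an assumed simplification of a share-token lending market.

```python
# Added illustration: simplified share-token market with constructed values.
SCALE = 10**18  # fixed-point scale for the exchange rate


class Market:
    def __init__(self, cash, total_shares, round_up):
        self.cash = cash                  # underlying held by the contract
        self.total_shares = total_shares  # share tokens outstanding
        self.round_up = round_up          # hardened mode: round burned shares up

    def exchange_rate(self):
        # Underlying per share (scaled). A donation raises cash without
        # minting shares, so a near-empty market's rate is easy to skew.
        if self.total_shares == 0:
            return SCALE
        return self.cash * SCALE // self.total_shares

    def shares_to_burn(self, underlying_out):
        num = underlying_out * SCALE
        rate = self.exchange_rate()
        if self.round_up:
            return -(-num // rate)  # ceiling division: rounds against the redeemer
        return num // rate          # truncation: rounds in the redeemer's favour

    def redeem_underlying(self, holder_shares, underlying_out):
        burn = self.shares_to_burn(underlying_out)
        if burn > holder_shares or underlying_out > self.cash:
            raise ValueError("insufficient shares or cash")
        self.cash -= underlying_out
        self.total_shares -= burn
        return holder_shares - burn  # shares the holder still owns


def thin_market_risk(market, min_shares=10**6):
    # Listing-time check (threshold is an assumption): a market with almost
    # no shares outstanding should not be usable as collateral yet.
    return market.total_shares < min_shares


if __name__ == "__main__":
    for mode in (False, True):
        m = Market(cash=1_000_001, total_shares=2, round_up=mode)
        left = m.redeem_underlying(holder_shares=2, underlying_out=1_000_000)
        print(f"round_up={mode}: shares kept={left}, cash left={m.cash}")
```

With truncation, the holder withdraws nearly all of the underlying while burning only one of two shares; rounding the burned amount up removes that gap.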