Decentralized liquidity protocol Onyx has suffered a security breach that siphoned millions worth of crypto assets from the platform.
Blockchain security firm PeckShield says the perpetrators made off with over $3.8 million in crypto assets, which include 7.35 million of the protocol’s utility token Onyxcoin (XCN), 50,000 Tether (USDT), 4.1 million Virtual USD (VUSD), 5,000 DAI and 0.23 Wrapped Bitcoin (WBTC).
The attackers also swapped the tokens for Ethereum (ETH).
“Here are the latest whereabouts of the stolen $3.8 million funds from OnyxDAO.”
PeckShield identifies an issue that enabled the hackers to compromise the platform.
“It seems today’s victim OnyxDAO (w/ >$3.8m loss) falls prey to a known precision issue in forked CompoundV2 code base… The bug is exploited to leverage a nearly empty market to manipulate the exchange rate.”
Aside from the bug in the forked Compound V2 code base, the attackers also took advantage of another vulnerability.
“Another issue that facilitates the hack is related to the NFTLiquidation contract, which does not properly validate (untrusted) user input and was exploited to inflate the self-liquidation reward amount.”
Onyx, which conducted an investigation following the incident, says the primary issue is the NFTLiquidation contract.
“Onyx Protocol was subject to a security incident where a nefarious actor exploited the protocol to drain VUSD from the protocol. This exploit can be identified and understood from a vulnerability in the NFT Liquidation contract.”
Don’t Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on X, Facebook and Telegram
Surf The Daily Hodl Mix
 
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.
Generated Image: Midjourney
The post Decentralized Web3 Project Onyx Hacked for $3,800,000 Worth of Crypto: PeckShield appeared first on The Daily Hodl.