DeFi Protocol Onyx Hacked for Over $2.1 Million

Onyx is a fully decentralized cross-token liquidity market built on Ethereum. According to Defillama, its code is based on Compound V2.

Today, PeckShield monitoring indicates that the DeFi protocol Onyx appears to have been targeted in a hacking attack. Beosin reports that the estimated loss in this attack on Onyx is at least $2.1 million.

PeckShield's continued tracking of the Onyx attacker has revealed that the attacker sent a total of 1,230 ETH to TornadoCash for coin mixing.

According to their analysis, Onyx was targeted because the hacker exploited a known rounding error in the forked version of Compound V2. The hacker used the oPEPE market, which was deployed five days prior but had no liquidity, to borrow funds from other liquid markets using a donation method. Subsequently, they utilized the rounding issue to redeem these funds.

In a similar attack earlier in April this year, Gnosis's Compound fork project, Hundred Finance, suffered approximately $7 million in losses.

Onyx's community leader, Alex, has acknowledged that the protocol suffered a loss of approximately $2.1 million due to the attack. The vulnerability has now been fixed, and they are currently working with partners to address the aftermath.