The bug the Onyx Protocol hacker exploited to steal $2.1 million was previously used by a hacker to extort $7 million from Hundred Finance.
Decentralized peer-to-peer lending platform Onyx Protocol lost roughly $2.1 million in an exploit of a market with no liquidity that was deployed on Oct. 27.
The Onyx Protocol hacker exploited a known bug, a rounding issue behind the popular CompoundV2 fork, explained blockchain investigator PeckShield soon after alerting about the hack that went unnoticed by the protocol.
— PeckShieldAlert (@PeckShieldAlert) November 1, 2023
The alleged liquidity lacking oPEPE market was “abused with donation to borrow funds from other markets with liquidity,” found PeckShield’s independent investigation on the matter.
“The donated funds were then redeemed by exploiting the known rounding issue.”
Previously, on April 16, an attacker exploited the same bug to steal $7 million from multichain lending protocol Hundred Finance.
#CertiKSkynetAlert @HundredFinance’s attacker manipulated the exchange rate between ERC-20 tokens and htokens which allowed them to withdraw more tokens than they had originally deposited. The estimated losses of this attack is around $7.4 million.
Stay vigilant! https://t.co/1hxAnFoNjj
— CertiK Alert (@CertiKAlert) April 15, 2023
In Hundred’s case, the attacker manipulated the exchange rate between ERC-20 tokens and hTOKENS, allowing them to withdraw more tokens than originally deposited, according to CertiK.
Consistent hack attempts from bad actors require a greater understanding of the art of tracking cryptocurrencies.
A recent Cointelegraph Research article details the various methods that can be used to fortify crypto security with blockchain analysis. As explained, tracking stolen crypto using blockchain analysis broadly involves six major steps: transaction tracing, address clustering, behavioral analysis, pattern recognition, regulatory vigilance and collaboration.