- OnyxProtocol (XCN) suffers a $2.1 million loss in a DeFi hack.
- Scammers use a vulnerability similar to the one in the earlier Hundred Finance hack.
- The attackers manipulated an empty contract and used a rounding error in the contract's redemption function.
The prominent decentralized finance (DeFi) lending protocol OnyxProtocol (XCN) has become one of the latest targets for crypto scammers. In a recent post on the X platform (formerly Twitter), the renowned blockchain security threat tracker SlowMist disclosed that OnyxProtocol lost over $2.1 million following an exploit.
According to the SlowMist team, the hacker exploited the same vulnerability previously exploited in the Hundred Finance hack that occurred early this year. Specifically, the scammers borrowed more funds than expected by manipulating interest rates.
Moreover, SlowMist disclosed that the hacker moved the stolen funds to the well-known sanctioned crypto mixer Tornado Cash to obfuscate traces of the crypto assets. Meanwhile, in a related conversation, PeckShield, another blockchain security tracker, added further context to the OnyxProtocol hack.
PeckShield noted that the scammer's transaction exploited the oPEPE market, which was deployed 5 days back and had no liquidity. The vacant market was then manipulated by making donations to it, essentially a flash loan, enabling the attacker to borrow funds from other markets that have liquidity. Subsequently, the attacker exploited a rounding error to redeem the donated funds.
Similarly, PeckShield stated that the attack was similar to the one observed in Hundred Finance, in which over seven million dollars were lost. According to an April blog post by growth hacker Rob Behnke, Hundred Finance initially established its WTC hTokens contracts by creating two similar contracts, one active and one empty.
Subsequently, attackers abused the exchange rate between WTC and hWTC by donating to the empty contract, draining its value, while also taking advantage of the rounding error in the contract's redemption function. "This hack highlighted the dangers of copy-pasting code from third parties," Behnke remarked on the Hundred Finance exploit.
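The rounding issue described above comes down to which way the redemption function rounds when it converts a withdrawal into shares to burn. The following added example (not code from OnyxProtocol, Hundred Finance, SlowMist or PeckShield) uses a simplified share-accounting model with constructed numbers, both of which are assumptions, to compare truncating division with rounding up in the pool's favour.

```python
# Simplified share-accounting model (an assumption; not the protocols' own code).
SCALE = 10**18  # fixed-point scale for the exchange rate


def exchange_rate(cash: int, total_shares: int) -> int:
    """Underlying per share, scaled by SCALE. Cash includes donated balance."""
    return cash * SCALE // total_shares


def shares_to_burn(amount: int, cash: int, total_shares: int, round_up: bool) -> int:
    """Shares charged for withdrawing `amount` of underlying."""
    rate = exchange_rate(cash, total_shares)
    numerator = amount * SCALE
    if round_up:
        return -(-numerator // rate)  # ceiling division: rounds in the pool's favour
    return numerator // rate          # truncation: rounds in the redeemer's favour


def rounding_loss(amount: int, cash: int, total_shares: int, round_up: bool) -> int:
    """SCALE-scaled underlying paid out beyond the value of the burned shares.
    Positive means the pool loses; zero or negative means the pool is protected."""
    burned = shares_to_burn(amount, cash, total_shares, round_up)
    return amount * SCALE - burned * exchange_rate(cash, total_shares)


def redeem(amount: int, cash: int, total_shares: int, round_up: bool):
    """Return (cash, total_shares) after the redemption."""
    burned = shares_to_burn(amount, cash, total_shares, round_up)
    if amount > cash or burned > total_shares:
        raise ValueError("redemption exceeds pool")
    return cash - amount, total_shares - burned


# Constructed state: a near-empty market with 2 shares outstanding whose balance
# was raised to 1002 units by a direct transfer, so one share is worth 501 units.
CASH, SHARES = 1002, 2

if __name__ == "__main__":
    for mode in (False, True):
        print("round_up" if mode else "truncate",
              "burns", shares_to_burn(1001, CASH, SHARES, mode), "share(s),",
              "pool loss", rounding_loss(1001, CASH, SHARES, mode) // SCALE,
              "-> state", redeem(1001, CASH, SHARES, mode))
```

The loss from truncation is bounded by the value of one share, which is why it only becomes material when a market has almost no shares outstanding and each share is worth a large amount.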
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.