Onyx Protocol, a decentralized finance platform, has recently fallen victim to a security breach that resulted in a loss of $2.1 million. Reports indicate that a fraction of the stolen crypto assets from the cross-token liquidity market were quickly transferred to the ether mixing service Tornado Cash. The attack was executed through a combination of a precision loss vulnerability and a flash loan. Despite this incident, the platform’s native currency, onyxcoin (XCN), experienced only a slight decline of 0.8% in value. This article delves into the details of the breach and its impact on the platform’s total value locked (TVL) in the decentralized finance project.
Onyx Protocol Suffers $2.1M Loss in Defi Breach
Multiple sources have confirmed that Onyx Protocol, a decentralized finance (defi) platform, has been compromised in a security breach, resulting in a loss of $2.1 million. In the wake of this attack, a fraction of the stolen crypto assets, originally from the cross-token liquidity market, were swiftly transferred to the ether mixing service Tornado Cash.
Onyx Protocol Loses $2.1M Hack by Precision Loss Vulnerability and Flash Loan
On November 1, 2023, the blockchain analysis and security team at Peckshield exposed the suspicious transaction involving Onyx Protocol, a peer-to-peer lending and cross-token liquidity market, on social media channel X (formerly known as Twitter). The attackers launched the assault using a “precision loss” bug along with a flash loan, successfully draining a considerable amount of ETH and ERC20 tokens from the platform. Despite this, the platform’s native currency, onyxcoin (XCN), has only seen a slight decline of 0.8% since the event, a modest decrease when compared with the significant impact on crypto assets seen in previous defi hacks.
Attack Exposed by Peckshield
The security breach at Onyx Protocol was exposed by Peckshield, a trusted blockchain analysis and security firm. Peckshield’s team discovered a suspicious transaction related to Onyx Protocol and promptly raised the alarm, bringing attention to the hack. The timely discovery by Peckshield allowed for early intervention and mitigation measures to be implemented.
Attackers Use Precision Loss Bug and Flash Loan
The attackers behind the Onyx Protocol hack utilized a combination of a precision loss bug and a flash loan to successfully carry out their attack. The precision loss bug is a vulnerability that allows malicious actors to exploit small discrepancies in the value calculation of tokens, leading to financial loss for the targeted platform. Flash loans, on the other hand, are loans that are borrowed and repaid within the same transaction block, enabling attackers to manipulate the market and exploit vulnerabilities in smart contracts.
By leveraging these techniques, the attackers were able to drain a significant amount of ETH and ERC20 tokens from Onyx Protocol, resulting in the substantial financial loss suffered by the platform.
Impact on Onyxcoin (XCN)
Despite the successful attack on Onyx Protocol, the platform’s native currency, onyxcoin (XCN), has only experienced a slight decline of 0.8% in value since the breach. This indicates that investors and holders of XCN have remained relatively confident in the project’s long-term prospects.
In comparison to previous defi hacks that have resulted in significant losses for the affected projects, the impact on onyxcoin (XCN) has been relatively minimal. This suggests that the Onyx Protocol team’s swift response and effective communication with their community have played a role in mitigating panic and maintaining confidence in the project.
Total Value Locked (TVL) in Onyx Protocol
Following the security breach, there has been a dramatic drop in the total value locked (TVL) in the Onyx Protocol. Prior to the hack, the TVL stood at $2.88 million. However, in the aftermath of the breach, the TVL has plummeted to $557,253. This significant decrease in TVL highlights the impact of the attack on investor sentiment and the immediate reaction of users to withdraw their funds from the platform.
The sharp decline in TVL emphasizes the importance of robust security measures and ongoing audits in the defi space. As decentralized finance continues to grow in popularity, it is crucial for projects like Onyx Protocol to prioritize the security and protection of user funds to maintain trust and attract new investors.
Stolen Funds Redirected to Tornado Cash
As a fraction of the stolen funds from Onyx Protocol were converted to ethereum (ETH), they were redirected to the ether mixing service Tornado Cash. Tornado Cash is a privacy-focused platform that allows users to mix their cryptocurrency holdings to enhance anonymity and obfuscate the transaction trail.
The redirection of stolen funds to Tornado Cash poses additional challenges for tracing and recovering the stolen assets. The nature of mixing services makes it more difficult to identify the ultimate destination of the funds, making it essential for law enforcement agencies and blockchain analysis firms to collaborate and employ advanced forensic techniques to track the flow of the funds.
In conclusion, the Onyx Protocol security breach highlights the ongoing challenges faced by the defi space in ensuring robust security measures. The precision loss vulnerability and flash loan utilized by the attackers demonstrate the need for constant vigilance and the implementation of comprehensive risk mitigation strategies by defi projects. Moving forward, it is imperative for the industry to collectively address these vulnerabilities and strive for continuous improvement in security practices to safeguard user funds and maintain trust in decentralized finance.