Attacker Exploits Rounding Issue to Steal Funds
Onyx Protocol, a decentralized finance (DeFi) project, has suffered a security breach resulting in the loss of over $2 million worth of cryptocurrency assets. According to blockchain security firm Polyzoa, the attacker took advantage of a rounding issue within the Onyx Protocol, allowing them to steal $2.1 million from the oPEPE market. This exploit occurred just five days after the market was deployed with no liquidity.
“The attacker exploited this issue to steal $2.1M from the oPEPE market, which had been deployed just five days prior with no liquidity,” the post read.
In order to execute their scheme, the attacker made a small donation to the oPEPE market, appearing innocuous at first. This allowed them to borrow a significant amount of funds from other markets with ample liquidity. The donated funds served as collateral for the borrowing process.
“The attacker then redeemed the borrowed funds, exploiting the rounding issue to make a profit.”
It is worth noting that this attack bears similarities to the exploit used in the Hundred Finance hack. In that case, the attacker manipulated interest rates to borrow more than anticipated, successfully achieving their malicious goals.