Onyx Protocol Exploiter Siphons $2.1M from Tornado Cash

    The Onyx Protocol hacker strikes again, this time exploiting a familiar bug to siphon $2.1 million from Tornado Cash. Learn about this decentralized lending platform’s loss and the intriguing connection to a previous $7 million exploit.

    In a twist of déjà vu, the Onyx Protocol hacker has reared their head once more, making off with a substantial $2.1 million in a cunning exploit targeting Tornado Cash. The assailant capitalized on a known bug in the widely used Compound V2 fork, the same bug that had previously been used to steal $7 million from Hundred Finance.

    The incident unfolded on Oct. 27, and Onyx Protocol’s decentralized, peer-to-peer lending platform fell victim to an attack in a market devoid of liquidity. Notably, this security breach went undetected by the protocol. PeckShield, a blockchain investigator, shed light on the exploit, revealing the hacker’s modus operandi.

    The hacker manipulated the so-called oPEPE market, utilizing donations to borrow funds from other markets with liquidity. Subsequently, the ill-gotten funds were redeemed by exploiting the familiar rounding issue.

    This exploit’s eerie familiarity harks back to April 16, when the same bug was exploited to pilfer $7 million from Hundred Finance, a multichain lending protocol. In that instance, the attacker manipulated ERC-20 token exchange rates, enabling them to withdraw more tokens than initially deposited, as documented by CertiK.
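The rounding issue and the exchange-rate manipulation described above come down to integer truncation in an almost-empty market. The following is an added example, not code from Onyx, Hundred Finance, PeckShield or CertiK: a simplified model of Compound V2-style cToken arithmetic with a check that flags a market whose supply is small enough for truncation to matter. The function names, the `ratio` threshold and both market states are assumptions constructed for illustration.

```python
# Added example: simplified integer model of Compound V2-style cToken math.
# Field names and the sample market states are constructed for illustration.
SCALE = 10**18  # exchange-rate mantissa

def exchange_rate(cash, borrows, reserves, total_supply):
    """Underlying per cToken unit, scaled by 1e18 (truncating division)."""
    return (cash + borrows - reserves) * SCALE // total_supply

def tokens_burned(redeem_amount, rate):
    """cToken units burned to redeem `redeem_amount`; truncates toward zero."""
    return redeem_amount * SCALE // rate

def rounding_loss(redeem_amount, rate):
    """Underlying paid out beyond the value of the cTokens actually burned."""
    return redeem_amount - tokens_burned(redeem_amount, rate) * rate // SCALE

def assess(market, ratio=10**9):
    """Flag a market when one truncated cToken unit is worth at least
    1/ratio of the pool, i.e. when total supply is tiny relative to cash."""
    pool = market["cash"] + market["borrows"] - market["reserves"]
    rate = exchange_rate(market["cash"], market["borrows"],
                         market["reserves"], market["total_supply"])
    unit_value = rate // SCALE  # approximate upper bound on loss per redeem
    return {"rate": rate, "unit_value": unit_value,
            "exposed": unit_value * ratio >= pool}

# Constructed states: a normally supplied market and a near-empty one whose
# cash was inflated by a direct transfer (donation) to the contract.
HEALTHY = {"cash": 10**24, "borrows": 0, "reserves": 0, "total_supply": 5 * 10**15}
DONATED = {"cash": 10**24, "borrows": 0, "reserves": 0, "total_supply": 2}

if __name__ == "__main__":
    for name, m in (("healthy", HEALTHY), ("donated", DONATED)):
        r = assess(m)
        loss = rounding_loss(m["cash"] - 1, r["rate"])
        print(f"{name}: unit_value={r['unit_value']} exposed={r['exposed']} "
              f"loss_on_redeem={loss}")
```

In the healthy state the truncation is worth a fraction of a billionth of a token; in the donated state a single truncated unit is worth half the pool, which is the condition a listing or monitoring check should alert on.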

