Onyx, a popular decentralized finance protocol, suffered a loss of over 2.1 million dollars due to a security vulnerability. The exploit was carried out using an integer rounding security flaw and flash loans. Hackers exploited a specific “vulnerable loss” security flaw in Onyx’s codebase.
#PeckShieldAlert @OnyxProtocol has been exploited for ~2.1M pic.twitter.com/5Z50tCg6MD
— PeckShieldAlert (@PeckShieldAlert) November 1, 2023
The integer rounding security vulnerability used in the Onyx protocol exploit is an error that results in incorrect calculation of integer values in financial transactions. This allows attackers to manipulate original transactions, leading to the erroneous distribution of funds between accounts.
Attack Carried Out Through Flash Loans!
Flash loans are a commonly used transaction type in DeFi protocols. In this attack, hackers utilized the temporary loans they provided to the protocol. Specifically, flash loan transactions were conducted based on the integer rounding security vulnerability, resulting in the theft of millions of dollars’ worth of assets.
Onyx Team Announced Continued Efforts
After detecting the attack, the Onyx team swiftly took action and announced their efforts to close the security vulnerability in the protocol. They also stated that they are working on various measures to recover the assets stolen by the hackers.
