Onyx Protocol’s $3.8 Million Hack: Insider Threats or External Attack?
28.09.2024 12:00 1 min. read Alexander Stefanov
Onyx Protocol recently suffered a significant exploit, resulting in a loss of $3.8 million.
Hacken, a security auditing firm, investigated the incident, revealing that the attack utilized a malicious contract created shortly before targeting Onyx. The hacker exploited vulnerabilities in the platform to drain its native stablecoin, Virtual USD (VUSD).
This marks the second significant breach for Onyx since November 2023, leading to confusion and further scams on social media. Although Onyx assured users that VUSD remains operational, the incident has disrupted its peg, causing it to drop to $0.39 from its intended value of $1.
The attacker managed to exploit low liquidity in trading pairs by executing a series of transactions, allowing them to withdraw a total of $3.8 million in VUSD. The transactions involved borrowing WETH and creating a series of spam transactions to manipulate the exchange rate.
Additionally, multiple assets from Onyx were affected during the hack, including significant transfers of VUSD and Onyxcoin (XCN). The incident highlights persistent vulnerabilities in DeFi protocols, particularly those derived from Compound V2, which continue to be exploited despite prior warnings.
Speculation around the attack suggests it could be linked to a rogue insider, possibly even North Korean hackers. This exploit not only raises alarms about security flaws but also about potential insider threats within crypto projects.
-
1
North Korean Agent Exposed in Crypto Job Scam at Kraken
04.05.2025 20:00 2 min. read -
2
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
05.05.2025 16:00 1 min. read -
3
$330M Bitcoin Heist Traced to Social Engineering Scam Targeting U.S. Senior
04.05.2025 12:00 2 min. read -
4
Samourai Wallet Case Faces Scrutiny After Allegations of Withheld Evidence
07.05.2025 13:00 2 min. read -
5
Alex Mashinsky Seeks One-Year Sentence as DOJ Pushes for 20 Years
08.05.2025 12:00 1 min. read
Man Sentenced to 30 Years for Using Crypto to Fund ISIS Operations
A U.S. court has handed down a 30-year prison sentence to Mohammed Azharuddin Chhipa, who was found guilty of financing terrorism through cryptocurrency.
Celsius CEO Sentenced to 12 Years Over $5 Billion Crypto Scandal
A major chapter in crypto’s legal reckoning closed this week as Alex Mashinsky, once a prominent name in digital lending, received a 12-year prison sentence.
Alex Mashinsky Seeks One-Year Sentence as DOJ Pushes for 20 Years
Former Celsius CEO Alex Mashinsky is asking for a significantly reduced prison sentence ahead of his May 8 sentencing, with his legal team pushing back hard against the U.S. Department of Justice’s call for a 20-year term.
Samourai Wallet Case Faces Scrutiny After Allegations of Withheld Evidence
The legal battle against the creators of Samourai Wallet has taken a sharp turn, as defense attorneys accuse federal prosecutors of suppressing a key legal interpretation from the Treasury Department that could dismantle the core of the government’s case.
-
1
North Korean Agent Exposed in Crypto Job Scam at Kraken
04.05.2025 20:00 2 min. read -
2
ZachXBT Helps Freeze $7M After $330M Bitcoin Theft From Elderly Holder
05.05.2025 16:00 1 min. read -
3
$330M Bitcoin Heist Traced to Social Engineering Scam Targeting U.S. Senior
04.05.2025 12:00 2 min. read -
4
Samourai Wallet Case Faces Scrutiny After Allegations of Withheld Evidence
07.05.2025 13:00 2 min. read -
5
Alex Mashinsky Seeks One-Year Sentence as DOJ Pushes for 20 Years
08.05.2025 12:00 1 min. read