Onyx Protocol’s $3.8 Million Hack: Insider Threats or External Attack?
28.09.2024 12:00 1 min. read Alexander Stefanov
Onyx Protocol recently suffered a significant exploit, resulting in a loss of $3.8 million.
Hacken, a security auditing firm, investigated the incident, revealing that the attack utilized a malicious contract created shortly before targeting Onyx. The hacker exploited vulnerabilities in the platform to drain its native stablecoin, Virtual USD (VUSD).
This marks the second significant breach for Onyx since November 2023, leading to confusion and further scams on social media. Although Onyx assured users that VUSD remains operational, the incident has disrupted its peg, causing it to drop to $0.39 from its intended value of $1.
The attacker managed to exploit low liquidity in trading pairs by executing a series of transactions, allowing them to withdraw a total of $3.8 million in VUSD. The transactions involved borrowing WETH and creating a series of spam transactions to manipulate the exchange rate.
Additionally, multiple assets from Onyx were affected during the hack, including significant transfers of VUSD and Onyxcoin (XCN). The incident highlights persistent vulnerabilities in DeFi protocols, particularly those derived from Compound V2, which continue to be exploited despite prior warnings.
Speculation around the attack suggests it could be linked to a rogue insider, possibly even North Korean hackers. This exploit not only raises alarms about security flaws but also about potential insider threats within crypto projects.
-
1
Paradigm Joins Legal Fight to Defend Tornado Cash Co-Founder
18.06.2025 21:00 1 min. read -
2
Pennsylvania Man Sentenced to 8 Years for $40M Crypto Ponzi Scheme
28.06.2025 11:30 1 min. read -
3
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
27.06.2025 16:30 2 min. read -
4
Solana PumpFun Bot Turns Out to Be Malware in Disguise
04.07.2025 9:00 2 min. read -
5
Investor Loses $6.9M After in TikTok Crypto Scam
16.06.2025 19:00 1 min. read
Hackers Steal $140 Million from Brazilian Central Bank, Launder Funds Through Crypto
A sophisticated cyberattack targeting Brazil’s central bank reserve accounts has resulted in the theft of over $140 million (R$800 million), much of which was swiftly funneled through cryptocurrency channels.
Solana PumpFun Bot Turns Out to Be Malware in Disguise
A malicious open-source project on GitHub disguised as a Solana trading bot has compromised user wallets, according to a July 2, 2025, report by cybersecurity firm SlowMist.
Pennsylvania Man Sentenced to 8 Years for $40M Crypto Ponzi Scheme
The U.S. Department of Justice has sentenced Dwayne Golden, 57, of Pennsylvania to 97 months in prison for orchestrating a fraudulent crypto investment scheme that stole over $40 million from investors.
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
The first half of 2025 has become the most damaging six-month period in crypto history, with over $2.1 billion stolen across 75+ separate incidents, according to new data.
-
1
Paradigm Joins Legal Fight to Defend Tornado Cash Co-Founder
18.06.2025 21:00 1 min. read -
2
Pennsylvania Man Sentenced to 8 Years for $40M Crypto Ponzi Scheme
28.06.2025 11:30 1 min. read -
3
Crypto Theft Surges to $2.1B in 2025: State Actors Lead Historic Wave of Attacks
27.06.2025 16:30 2 min. read -
4
Solana PumpFun Bot Turns Out to Be Malware in Disguise
04.07.2025 9:00 2 min. read -
5
Investor Loses $6.9M After in TikTok Crypto Scam
16.06.2025 19:00 1 min. read