The DeFi platform, Onyx, reported that it was breached, leading to an estimated loss of around $2.1 million due to a security exploit.

Decentralized finance ( DeFi This breach was initially spotted by threat monitoring experts, who underlined their effectiveness in tracking misappropriated assets. Beosin’s EagleEye The Onyx breach was caused by exploiting a recognized rounding issue often seen in the CompoundV2 variant. Interestingly, the hacked oPEPE market was established just five days before the attack without any liquidity to speak of.

The tweet from PeckShield Inc. Cybercriminals took advantage of this liquidity-deprived market by donating funds to borrow from more liquid markets, eventually claiming back those donated amounts by manipulating the identified rounding vulnerability. This kind of flaw was also responsible for an earlier incident involving #HundredFinance, which suffered losses in the range of $7 million.

In essence, the compromised oPEPE market was launched only five days before the attack and had no liquidity at the start. This empty market was exploited through donations that were used to procure loans from other more liquid trading platforms.

The @OnyxProtocol hack leads to $2.1M loss by exploiting a known rounding issue behind the popular CompoundV2 fork.

Blockchain Protocol Security for October https://t.co/ijkXbOyYr2 pic.twitter.com/fbHdZhTz0E

— PeckShield Inc. (@peckshield) November 1, 2023

In a comprehensive assessment of blockchain security trends, Beosin's monitoring indicated a promising decline in security-related losses for October 2023. These losses shrank dramatically by 85.6% when compared to the preceding month, with October seeing slightly over 23 distinct security incidents that led to a total loss of around $51.61 million.

While this figure is considerable, it primarily reflects instances of hacking, phishing scams, and Rug Pulls. Breaking down the statistics, direct cyberattacks accounted for approximately $28.33 million, while Rug Pull schemes contributed nearly $12.02 million, and phishing efforts made up about $11.26 million.

Among the significant security lapses in October was a theft of $7 million from the Fantom Foundation's wallet, a $6 million unauthorized withdrawal from the Philippines-based crypto exchange Coins.ph, and an estimated $4.4 million breach affecting the renowned password management tool, LastPass.

Each of these incidents involved the compromise of private keys. Moreover, October witnessed several Rug Pull incidents, many of which resulted in losses exceeding the million-dollar mark. Notable among them was a case involving the Web3 gaming initiative, FinSoul, whose developer, Fintoch, had a history of involvement in misleading endeavors.

Please be aware that the content available on this page is not designed to serve as, nor should it be interpreted as, legal, tax, investment, financial, or any other type of advice. It's essential to only invest what you can afford to lose and consult with an independent financial advisor if there are any uncertainties. For more detailed information, we recommend checking the terms and conditions as well as the help and support sections provided by the issuer or advertiser. MetaversePost is dedicated to delivering accurate and impartial reporting, but market conditions may fluctuate without prior notice.