In a recent unfortunate turn of events, the decentralized finance (DeFi) project, Onyx Protocol, has fallen prey to a flash loan exploitation, resulting in a substantial loss of approximately $2.1 million worth of Ethereum (ETH) coins.
The exploit was carried out by an attacker whose wallet now boasts a balance of 1,164 ETH, equivalent to roughly $2.1 million, obtained through fraudulent means. The attacker’s approach involved a clever yet malicious scheme.
To execute this theft, the attacker initiated their scheme by making a seemingly innocent, small donation to the oPEPE market. This donation served as the key that unlocked the ability to borrow a significant amount of funds from other markets with ample liquidity. Notably, the donated funds were utilized as collateral for the borrowing process. Subsequently, the attackers redeemed the borrowed funds and exploited a rounding issue to turn a profit.
The theft was facilitated by the fact that the oPEPE market had been established just five days prior and had not accumulated significant funds, providing a convenient opportunity for the attackers.
To delve into the specifics, the attacker orchestrated a flash loan of 4,000 ETH from Aave, an open-source liquidity protocol. They then swapped these funds for the meme coin, PEPE, just before exploiting the oPEPE smart contract on Onyx.
This unfortunate incident is the latest in a series of cryptocurrency exploits, resulting in the loss of $2.1 million worth of ETH tokens for the DeFi community.
Alyx Onex, the Community Leader of Onyx Protocol, confirmed the theft and announced that the team has swiftly addressed the vulnerability, taking necessary steps to rectify the situation. Via the X platform (formerly known as Twitter), Alex assured the community that they are fully aware of the problem and are actively working towards a resolution.
Regrettably, such exploit attacks and crypto scams targeting the DeFi space are on the rise, causing growing concern within the cryptocurrency community. Notably, Hundred Finance recently reported a similar security breach, which led to substantial losses of around $7.4 million on the Ethereum layer-2 blockchain, Optimism.
Furthermore, the monthly report from CertiK Alert has revealed that crypto enthusiasts collectively lost over $32 million in October due to exploits, hacks, and scams.