The decentralized peer-to-peer lending platform Onyx Protocol fell victim to a hack, resulting in the loss of approximately $2.1 million on October 27. The attack was carried out by exploiting a known bug associated with a rounding issue in the popular CompoundV2 fork. The hacking incident was revealed by blockchain investigator PeckShield, who quickly pointed out that the illiquid oPEPE market within the protocol had been targeted.
PeckShield's subsequent independent investigation into the hack uncovered the unauthorized use of the oPEPE market for misusing donations and borrowing funds from other liquid markets. These donated funds were then redeemed by taking advantage of the known rounding issue. Notably, this bug had been exploited earlier in April, leading to the theft of $7 million from the multi-chain lending protocol Hundred Finance. In that instance, attackers manipulated the exchange rate between ERC-20 tokens and hTOKENS, enabling them to withdraw more tokens than they had initially deposited.
These ongoing hacking attempts emphasize the importance of a comprehensive understanding of cryptocurrency tracking to enhance security. The process of tracking stolen cryptocurrencies via blockchain analysis involves six primary steps: transaction tracing, address clustering, behavioral analysis, pattern recognition, regulatory oversight, and collaboration.
Such measures aim to not only mitigate vulnerabilities in decentralized finance protocols but also address challenges in identifying, preventing, and responding to crypto-related cybercrime.
