Onyx, a well-known DeFi platform, has suffered a security breach on its network. According to on-chain data, the attack resulted in the loss of over $2.1 million.
Meanwhile, analysts at the security firm BlockSec have offered insights into the circumstances that led to the exploit. In a report, BlockSec director Matthew Jiang claimed that the attacker stole the funds by taking advantage of a vulnerability in Onyx's codebase, a flaw known as “precision loss.”
Onyx attacker moves 700 ETH to Tornado Cash
The Onyx attacker allegedly took out a large ETH flash loan, swapped it for PEPE, and donated it to a specific pool to manipulate the exchange rate. With the rate manipulated, the attacker withdrew more of the underlying assets while burning fewer shares. The attacker has also reportedly moved 700 ETH to Tornado Cash, a crypto mixing service that has become a safe haven for hackers. Although the mixing service was banned in 2022, hackers still use it to keep stolen funds.
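The rounding problem behind "burning fewer shares", shown as an added example (not Onyx's code and not taken from the BlockSec report): a toy share-based pool in which truncating division under-counts the shares to burn once a donation has inflated the exchange rate, next to a round-up variant that closes the gap. The class, function names, scale factor and all amounts are constructed for illustration.

```python
SCALE = 10**18  # fixed-point scale for the exchange rate (assumed value)

class SharePool:
    """Toy pool: shares are claims on `cash`. Hypothetical model, not Onyx code."""

    def __init__(self, cash, shares, round_up):
        self.cash, self.shares, self.round_up = cash, shares, round_up

    def exchange_rate(self):
        # Underlying per share, scaled. Integer division truncates.
        return self.cash * SCALE // self.shares

    def donate(self, amount):
        # A direct transfer adds cash without minting shares, so the rate jumps.
        self.cash += amount

    def shares_to_burn(self, amount):
        numerator = amount * SCALE
        rate = self.exchange_rate()
        if self.round_up:
            return -(-numerator // rate)  # ceiling: rounding favours the pool
        return numerator // rate          # floor: rounding favours the withdrawer

    def redeem_underlying(self, amount):
        burn = self.shares_to_burn(amount)
        if burn > self.shares or amount > self.cash:
            raise ValueError("insufficient shares or cash")
        # Invariant a test or monitor can assert: the burned shares must be
        # worth at least the amount paid out at the pre-withdrawal rate.
        fair = burn * self.exchange_rate() >= amount * SCALE
        self.cash -= amount
        self.shares -= burn
        return burn, fair

def run(round_up):
    pool = SharePool(cash=2, shares=2, round_up=round_up)  # constructed: near-empty pool
    pool.donate(1_000_000)                                 # constructed donation
    burn, fair = pool.redeem_underlying(1_000_001)
    return burn, fair, pool.cash, pool.shares

if __name__ == "__main__":
    print("floor  :", run(round_up=False))
    print("ceiling:", run(round_up=True))
```

With truncation, one share worth 500,001 units pays out 1,000,001 units and the invariant fails; with rounding up, both shares are burned and the invariant holds.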
Since its emergence, Tornado Cash has been used to launder over $7 billion worth of crypto assets. Lazarus Group, a renowned hacking team from North Korea, used the crypto mixing tool to siphon at least $455 million. The hackers behind the Harmony Bridge attack also moved over $96 million to Tornado Cash last year.
All of this triggered its ban by the Treasury’s Office of Foreign Assets Control (OFAC) in August 2022. Nevertheless, the ban has not stopped hackers from moving stolen funds there. The Onyx attacker's transfer of 700 ETH is further evidence that the ban has not been effective.
Attack on Mixin
Meanwhile, the attack on Onyx comes barely a few months after Mixin suffered the same fate on its network. Mixin lost $200 million to the attack. According to reports, the attacker compromised the database of the third-party service provider on the platform to carry out the attack. Just recently, Mixin offered a $20 million bounty to the hacker for the return of the stolen funds.
Following the attack, Mixin suspended both withdrawals and deposits on its network. In its recent post, the protocol disclosed its plans to compensate all affected victims and also resume deposits and withdrawals as soon as possible. Now, with another attack on Onyx, there’s no doubt that DeFi protocols have become the biggest victims of crypto hackers in 2023.