Decentralized liquidity market, Onyx has become victim of a latest DeFi exploit with attackers draining approximately $2.1 million from the protocol.
The exploit is associated with the oPEPE market on Onyx which was abused depositing funds to borrow from other markets.
After borrowing funds from Onyx’s cross-token liquidity markets, the Attacker managed to redeem deposited assets by exploiting the rounding issue, according to blockchain security firm – PeckShield.
The attacker carried out the hack by creating a flashloan of 4,000 ETH from Aave and swapped it to PEPE prior to exploiting the oPEPE smart contract on Onyx.
Onyx’s community leader confirmed that the protocol has lost a total of 1,163 ETH in the exploit. The team has now closed vulnerability and is working to proceed further.
PeckShield said that the same bug was exploited earlier in the Hundred Finance hack which caused a loss of $7 million to the protocol. The exploit is originated from an old forked version of Compound V2, which was incorporated by Onyx.
All the stolen assets consisting of 1,130 ETH are now sent to crypto mixer Tornado Cash by the exploiter.