The Onyx platform has fallen victim to an exploit, resulting in a $3.8M loss. The attack was carried out via a custom-generated malicious contract.
Causes of the Onyx Exploit
An investigation by Hacken revealed that the attack was executed through a malicious contract, deployed just minutes before targeting Onyx. The hacker managed to withdraw Virtual USD (VUSD), the protocol’s native stablecoin. This is the second hack for Onyx, with the first occurring on November 3, 2023.
Consequences of the Attack
As a result of the exploit, the VUSD price fell to $0.39 and did not recover its $1 nominal value. Onyx announced that VUSD itself was not affected, but its price was significantly impacted. The total VUSD supply exceeds $51M, while its current market capitalization stands at $19M.
Suspected Perpetrator of the Attack
There is a possibility that the exploit was carried out by a North Korean hacker posing as a project developer. Researchers claim to have provided potential evidence of links to DPRK hackers to the Onyx team.
The attack on the Onyx protocol once again highlights the vulnerabilities of projects using forks of Compound V2. Experts call for increased security measures and contract audits to prevent such incidents in the future.
