Onyx, hacked on September 26, implemented a proposal to shut down its permissionless offering and launch a closed, open-source lending offering. Users affected by the hack will receive their funds fully.
DeFi protocol Onyx underwent a governance process to implement “OIP [Onyx Improvement Proposal]-46: Relaunch Onyx Core.” This proposal came on the same day the protocol was hacked for $3.8 million, September 26, as a cybercriminal took advantage of a known but unaddressed vulnerability. Onyx was previously exploited due to the same vulnerability in November 2023.
PeckShield announced the exploit to the crypto community, highlighting the recurring contract flaw. Onyx added to relay more information that stated the existing vulnerability in its contract forked from Compound Finance V2 allowed the hacker to attack its NFTLiquidation contract.
OIP-46 was voted for unanimously by Onyx’s community, as all 16 wallet addresses participating in the governance measure wanted the proposal to be implemented as of September 29. With the implementation set to occur on October 1, Onyx’s Ethereum-based lending market will shut down, and those affected by the hack will receive their funds in full “at a 1:1 payment of the assets they supplied.”
Source: Onyx
Alongside that, the proposal will “relaunch its open source permissioned financial network, Onyx Core as its primary product alongside XCN Staking securing the governance of Onyx Core and for Onyx Stakers.” Moving away from Ethereum, users can now wrap crypto, NFTs, and Real World Assets (RWAs) on Onyx Core.
September Saw Interesting Hacks
DeFi protocols are witnessing rising levels of hacks in 2024. September has been a lucrative month for bad actors. Most recently, Bedrock was exploited for $2 million by taking advantage of the protocol’s minting process to obtain its wrapped uniBTC tokens. However, what made this hack interesting was how Bedrock reacted to the situation. It offered the hacker a job offer through an on-chain message to protect it from witnessing such issues in the future.
Another protocol, Shezmu, experienced a $5 million hack as a hacker manipulated one of its ShezUSD vaults. While most hackers walk away with their proceeds to launder it through crypto mixing services and ride off into the sunset, this hacker returned the funds, keeping 20% as their bounty fee. Shezmu managed to negotiate with them to obtain the repayment, initially offering a 10% bounty but caving into the hacker’s 20% demands.