DeFi hack causes Opyn to lose user funds

Getting your Trinity Audio player ready...

Another DeFi platform has been exploited: Opyn the DeFi protection and risk management tool that lets users trade ETH options, has been exploited for an unknown amount of ETH.

https://twitter.com/udon_crypto/status/1290688662351392771

The exploit was first discovered by Twitter user @udon_crypto when they realized that the Opyn contracts were settling in both ETH and USDC when they really should have only been paying their users USDC at settlement time. 

Hey all, it seems like there has been an issue with some oTokens contracts. We are working hard on understanding this issue so we can let help users as best we can. We have removed liquidity from Uniswap in the mean time. Would be best to not open new vaults at the moment.

— opyn² – Now Hiring (@opyn_) August 4, 2020

Shortly after the exploit was discovered, the Opyn team pulled all of the liquidity for their options trading while they worked to understand the issue.

The risk of DeFi

DeFi has been a hot topic lately because many digital currency enthusiasts realized that DeFi investments were an easy way for them to make a quick buck. DeFi resembles the digital currency ecosystem in 2017, not many people understand DeFi platforms, coins, and tokens, yet, they continue to exponentially increase in value—but it comes with major risk.

Opyn is not the first DeFi platform to get exploited, there have been several DeFi platform breaches this year. Including the Opyn exploit, there has been a total of six DeFi exploits that have happened so far in 2020 which have resulted in tens of millions of dollars worth of digital currency being lost. 

MakerDAO’s CDP, Lendf.me, Uniswap, bZx, Balancer, and now, Opyn have all been exploited, with each platform losing $4 million, $25 million, $300,000, $995,000, $450,000, and an unknown amount respectively.

A house of cards

DeFi platforms are the equivalent to a house of cards, one wrong move and the entire ecosystem could come crashing down at any time.

The problem is, most DeFi platforms are not secure, and the smart contracts that facilitate the borrowing, lending, and hedging can easily be gamed. In all of the exploits that have taken place, the attacker has not hacked the platform or breached a database. Rather, they have a great understanding of DeFi platforms and smart contracts and are able to use the platforms in a way where they beat the system and rake in millions of dollars at the platform’s expense.

We recommend that you proceed with caution when it comes to DeFi platforms because even though you may be enticed by the fact that you can make a quick buck, you can easily lose all of your funds, or could be making trades on the platform that will be the next one to get exploited. As the DeFi honeypot grows—with currently $4.27 billion in total value locked on DeFi platforms—DeFi protocols will only become a more attractive target for attackers.