BSV
$68.26
Vol 65.27m
-6.32%
BTC
$97396
Vol 47028.08m
-1.23%
BCH
$500.65
Vol 1041.48m
-5.54%
LTC
$96.43
Vol 1762.58m
-6.97%
DOGE
$0.41
Vol 14913.1m
-10.85%
Getting your Trinity Audio player ready...

It has been revealed that 371,260 USDC was lost during the August 4 exploit of the DeFi protocol Opyn. According to the official announcement from the Opyn team, a “double exercise” attack took place.

During the attack, the attacker was able to exploit the platform in a way that allowed them to receive ETH put option contract collateral as well as the ETH put option contract settlement money—when they really should have only had access to the settlement money. This is the sixth DeFi protocol exploit to take place since the beginning of this year. In total, the six exploits have resulted in the loss of over $31 million dollars.

How it happened

What’s interesting about every DeFi exploit that has taken place this year is that none of them involved a hack or a breach of a database. According to an analysis of the Opyn exploit by the blockchain analytics firm PeckShield, the attacker was able to exploit Opyn because they had a strong understanding of the protocol and the functions that could be used to interact with the protocol.

“This hack was done by calling exercise() with more than two vaults with ETH as the underlying assets. Since the implementation treats the same batch of ETH received as multiple batches of ETH receptions, the hacker re-uses that batch of ETH to retrieve the collateral USDC and make profits.”

In its notice, Opyn confirmed that “439,170 USDC from outstanding vaults was successfully recovered by a white hat hack that the Opyn team conducted on the Convexity Protocol to mitigate further loss… [and by] working with [Twitter user] @samczsun, we were able to whitehack an additional 132,995 USDC.”

At the moment, it is unclear how the open team was able to recover a total of 572,165 USDC when only 371,260 USDC was exploited during the hack. When CoinGeek reached out to the Opyn team for more insight, we did not hear back at press time.

Recommended for you

Lido DAO members liable for their actions, California judge rules
In a ruling that has sparked outrage among ‘Crypto Bros,’ the California judge said that Andreessen Horowitz and cronies are...
November 22, 2024
How Philippine Web3 startups can overcome adoption hurdles
Key players in the Web3 space were at the Future Proof Tech Summit, sharing their insights on how local startups...
November 22, 2024
Advertisement
Advertisement
Advertisement