The Onyx protocol was hacked for a second time by attackers taking advantage of known bugs in forks of the Compound Finance project. Projects regularly fail to patch these bugs, despite many instances of multi-million dollar hacks affecting Compound forks in the past.Onyx apparently didn’t learn their lesson the first time around, when they were exploited for $2 million in November 2023 by an attacker taking advantage of a known vulnerability affecting empty markets on the protocol. This same bug seems to have contributed to this exploit, although Onyx has claimed the hack was due to a separate vulnerability in an NFT liquidation contract.

Total loss estimated at $3,800,000.