Adding to the list of hacking incidents in the DeFi sector this year is decentralized protocol Opyn, which is known for offering Ethereum (ETH) options contracts. An unidentified hacker conducted a “double spend” attack on Opyn’s network with oTokens, which allowed them to steal 371,260 USD Coin (USDC) from several smart contracts. Opyn’s team was made aware of this “exploit” via its Discord chat, and a white hat hacker was deployed to recover some funds from its outstanding vaults and ensure that no further losses would occur.
Unlike centralized trading platforms, Opyn’s decentralized and permissionless network does not allow the Opyn team to immediately suspend all contracts once an issue is flagged, which means that it was unable to stop the hacker from stealing further funds at that moment, even after learning of the attack. Instead, Opyn moved to prevent the stolen oTokens from being liquidated on decentralized exchanges such as Uniswap by suspending its ETH Put Pools on the platform.
According to PeckShield, which later ran diagnostics on the technical aspects of the hack, the attack occurred due to a bug in the way Opyn’s vault programme was coded.
“We will continue to work tirelessly to regain your trust, and to ensure that our contracts have an extremely high standard for security. We will be doing an internal review of our security and testing practices going forward, submit further contracts to audit in addition to our existing OpenZeppelin audits, and design a plan to mitigate the impact on put sellers,” Opyn’s announcement read.
For existing users who hold oTokens, Opyn was quick to offer to buy the illiquid tokens affected during the attack at a 20% markup from market price on Deribit.
Security breaches on decentralized networks have occurred frequently this year, raising the questions of just how safe traders’ assets on these platforms are and whether decentralized platforms are taking sufficient action to prevent the loss of funds and tighten security before an attack happens. Hackers gained easy access to lending firm BlockFi’s network through a SIM port in May, while China’s dForce made headlines for losing $25 million in funds to a malicious actor exploiting yet another security flaw in its network.