InsideBitcoins.com

Opyn DeFi Options Protocol Hack Causes $371,000 In Losses

Korean Exchange Upbit Suffers Hack and Theft of 342,000 ETH ($50 Million) - Copy

Opyn stands as a protocol that offers options for DeFi Tokens, Ether (ETH) as well as an insurance service regarding Compound deposits. However, the Opyn protocol managed to get hacked, with a minimum of 371,260 in USDC being lost due to a double-spend attack. This attack was placed on its Ethereum put options.

Exploiting To Steal Collateral

The hack only affected the ETH put contracts, however. A brief explanation of the matter is that the hacker discovered and subsequently used an exploit within the Opyn protocol’s options tokens (oTokens). Through doing so, this hacker managed to steal collateral from users that sold ETH puts.

As a direct response, Opyn has subsequently removed the ability to buy corresponding oTokens. Alongside this, Opyn drained their own protocol’s smart contract that liquidates ETH puts, which prevented further collateral from being exploited in the same way. As it stands now, a grand total of 572,165 of USDC was drained from the contract.

North Korean Hacking Group Lazarus Is Relentlessly Trying to Steal Cryptocurrency

An Unexpected Avenue

OpenZeppelin, a security firm, was tasked with auditing the contracts. However, the exploit the hacker managed to use was outside of the scope of said audit. Opyn itself gave a public statement about the matter, promising a more technical explanation regarding the exploit at a later point in time.

The team has reacted effectively against this exploit attack. Opyn explained that it would start implementing measures dedicated to mitigating the impact felt by those that managed to lose money through this attack. Opyn has even offered to buy saved collateral, and ETH put oTokens that some users still have on-hand, doing so for a 20% markup within the Deribit exchange. This comes as a bid from the group to try and compensate the victims for their financial damages.

Complications And Solutions

The generalized options protocol for Opyn, dubbed “Convexity,” stands fully decentralized. As such, it’s impossible for the Opyn team to control it or even shut it down. As such, the ability to handle the aftermath of the hack is somewhat limited, as opposed to how a centralized structure would be able to. An example given by the project itself, is that the development of smart contracts should be seen as the development of hardware. If you ship out a smartphone with a hardware defect, you can’t really do much to get rid of the defect.

Future exploit prevention measures has been put in place, as well. Within the report, the Opyn team explained that it would start with internal security and testing practice reviews. Alongside this, an increase will be made on the bug bounty rewards, as well. An increase in audits will be done as well, increasing the number of total audits Open Zeppelin is doing. Alongside this, all smart contracts will now go through Echidna, which is a testing program for smart contracts, created by Trail of Bits, a well-established auditing firm.

Top brokers for buying and trading cryptocurrencies

  • Platform
  • Features
  • Rating
  • Visit Site
  • US-Friendly
  • Paypal accepted
  • 12+ cryptocurrencies
4.5/5

Visit Site
75% of retail investors lose money.
eToro Reviews

    eToro Reviews

    https://insidebitcoins.com/visit/etoro-newsCreate your account
    Hide eToro Reviews
    • Best broker for non-US countries
    • Trade crypto CFDs, forex and stocks
    • No withdrawal or deposit fees
    4.5/5

    Visit Site
    80.5% of retail investors lose money.
    Plus500 Reviews

      Plus500 Reviews

      https://insidebitcoins.com/visit/plus500-newsCreate your account
      Hide Plus500 Reviews
      Remember, all trading carries risk. Past performance is no guarantee of future results.
      Avatar

      A journalist, with experience in web journalism and marketing. Ali holds a master's degree in finance and enjoys writing about cryptocurrencies and fintech. Ali’s work has been published on a number of cryptocurrency publications.