Opyn: a new attack against DeFi
Opyn: a new attack against DeFi

Opyn: a new attack against DeFi

By Alfredo de Candia - 5 Aug 2020

Chevron down
Listen this article

Today there was a new attack against decentralized finance (DeFi) to the detriment of Opyn, that confirmed the attack on Twitter.

Before going into how the attack was perpetrated, let’s first explain what Opyn is. It’s a decentralized platform that allows users to secure their deposits in DeFi and operate with tokens that emulate the real ones, so that, in theory, they don’t risk losing their funds.

The platform, through a smart contract, allows generating oTokens and for each token, the relative counterpart is emulated.

The vulnerability that has been exploited for this attack is related to the ETH contract and in particular to the Opyn ETH Put contract, whereas all the others are not affected by this problem.

The loot of the latest DeFi attack against Opym

The attack allowed as much as 370,000 USDC to be stolen, while more than half a million USDC was recovered by a whitehat, limiting the damage for the platform, given that since it is decentralized, it has no direct control over the funds and the only thing that could be done was to remove the liquidity from the contract.

To incentivize oTokens holders to use the platform again, the team is now offering a 20% surcharge over the Deribit price to accelerate the patch process that will follow with the help of Trail of Bita and the Open Zeppelin team.

The team notes that an audit was done by Open Zeppelin itself but this type of vulnerability was not expected. Despite this, the team explained that even if they are not obliged, all affected users will be compensated.

Unfortunately, the protocol can’t be shut down because when the team created the platform they chose to decentralize and be permissionless.

Finally, in the statement, the team says that it will improve its techniques and will rely on several audits to get support in the security area.

Once again this is an attack against a growing industry such as DeFi.

At the rate of one attack per month, cybercriminals are stealing millions of funds. 

Alfredo de Candia

Android developer for over 8 years with a dozen of developed apps, Alfredo at age 21 has climbed Mount Fuji following the saying: "He who climbs Mount Fuji once in his life is a wise man, who climbs him twice is a Crazy". Among his app we find a Japanese database, a spam and virus database, the most complete database on Anime and Manga series birthdays and a shitcoin database. Sunday Miner, Alfredo has a passion for crypto and is a fan of EOS.

We use cookies to make sure you can have the best experience on our site. If you continue to use this site we will assume that you are happy with it.