Opyn's decentralized options platform has been hacked. Through a double spend attack, the hackers were able to obtain 371,260 USDC. The developers have promised to pay damages.
The attackers exploited a vulnerability in the platform's option tokens (oToken), and the vulnerability was found only in Opyn's put options. With this vulnerability, hackers were able to misappropriate some of the custom tokens that were used to secure the options. The developers were able to save 439,170 USDC, but 371,260 USDC were stolen.
The developers emphasized that the options protocol called Convexity is completely decentralized and the team does not control its work. Therefore, unlike other similar platforms, Opyn was unable to stop the operation of the protocol in time and prevent the withdrawal of tokens.
“We respect the users of our platform and we are going to do everything right. We will refund the loss. Details of the refund process will be provided within 3 days, "the developers of Opyn wrote on Twitter.
Interestingly, the protocol was previously audited by the computer security company OpenZeppelin. According to the developers, the vulnerability was found in an area that the auditors did not check. In the future, the Opyn team promises to revise their security and testing procedures and give more rights to OpenZeppelin auditors.
In mid-June, a vulnerability in the Bancor v0.6 protocol update led to the theft of tokens from users in the amount of more than $ 100,000. At the beginning of the year, ETH worth $ 350,000 and $ 650,000 were stolen from the bZx project in two attacks.