Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Technology » DeFi Options Protocol Opyn Hacked, Over $371,000 Lost

DeFi Options Protocol Opyn Hacked, Over $371,000 Lost

by

Opyn experienced a double-spend attack on its Ethereum put options, resulting in the loss of at least $371,000 in user funds.

DeFi Options Protocol Opyn Hacked, Over $371,000 Lost

Key Takeaways

  • The hack on Opyn's Ethereum put options happened around 4:00 AM PT
  • The team secured 572,165 USDC from its contract, but the hacker still got away with 371,260 USDC
  • Opyn is decentralized, and the team cannot shut it down in the case of emergency

Share this article

Opyn, a protocol offering options for ETH, DeFi tokens, as well as insurance on Compound deposits, was hacked. At least 371,260 USDC were lost because of the double-spend attack on its Ethereum put options.

Opyn Protocol Exploited

Only ETH put contracts were affected by the attack. The hacker used an exploit in Opyn protocol’s options tokens (oTokens) to steal collateral from users who sold these ETH puts.

Opyn responded to the exploit by removing the ability to buy corresponding oTokens and draining their own protocol’s smart contract to liquidate ETH puts, saving further collateral from exploitation. A total of 572,165 USDC was drained from the contract.

While security firm OpenZeppelin audited the contracts, the exploit was outside of the audit’s scope, Opyn team announced it would release more technical details on the exploit at a later date.

Response to the Hack

The team reacted responsibly to the attack, promising full reimbursement for ETH put oTokens sellers who lost money in the hack. For purchasers of ETH put oTokens, the team offered to buy the tokens with a 20% markup on Deribit to compensate them for damages.

Opyn’s generalized options protocol “Convexity” is fully decentralized, the team doesn’t control it and can’t shut it down, so there was a limited opportunity to deal with the aftermath of the hack. The project’s example shows that smart-contract development should be treated as hardware development: if you ship a smartphone with a defect, there’s little you can do if things go wrong.

Crypto Briefing reached out to the Opyn team and has yet to receive a comment on the incident.

Opyn is taking other measures to prevent future exploits. In its latest report, the team stated that it would review its internal security and testing practices while increasing its bug bounty rewards. Moreover, it will conduct additional audits besides those already scheduled with Open Zeppelin. Finally, the contracts will go through Echidna, a program for testing smart-contracts created by the well-established audit firm Trail of Bits.

The hack highlights the vulnerability of the DeFi space. Still, Opyn’s response to the incident is adequate and instills optimism about Opyn’s future despite the negative impact of the attack.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.