VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
▰ PROOF OF CONCEPT
DEFIHACKLABS
src/test/2020-08/Opyn_exp.sol
view forked test on github ↗Reproducible Foundry test fork from SunWeb3Sec/DeFiHackLabs. Clone the repo, run forge test against the file path above, and replay the exploit against a mainnet fork at the historical block. Use for reproduction only — not for live targets.
Forensic narrative
Attackers raided the decentralized finance (DeFi) protocol Opyn yesterday, making off with over 370,000 USDC. Opyn, which deals primarily with options for ETH, was subject to a double-spend attack. Reported loss: $370,000.
Sourced from
chainsec
Technical record
- chain
- ethereum
- protocol
- Opyn
- bug_class
- infrastructure
- date_occurred
- 2020-08-04
- loss_usd
- $370,000
- source_id
- cs:opyn::2020-08-04
Related — same bug class· infrastructure