{"id":59042,"date":"2022-03-22T10:58:40","date_gmt":"2022-03-22T08:58:40","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=59042"},"modified":"2025-09-04T19:52:02","modified_gmt":"2025-09-04T16:52:02","slug":"onering-finance-defi-protocol-hacked-for-2-million","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/onering-finance-defi-protocol-hacked-for-2-million\/","title":{"rendered":"OneRing Finance DeFi protocol hacked for $2 million"},"content":{"rendered":"<p>The multi-chain yield-optimisation protocol in stablecoins OneRing Finance was hacked. The hacker withdrew $1.45 million using <a href=\"https:\/\/forklog.com\/en\/news\/what-are-flash-loans\">a flash loan<\/a>, with the project&#8217;s losses amounting to about $2 million.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">We got hacked today, a few hours ago OneRing protocol suffered from a flashloan attack that was completely unexpected. Please read:<a href=\"https:\/\/t.co\/w0Xfl7gChK\">https:\/\/t.co\/w0Xfl7gChK<\/a><\/p>\n<p>\u2014 OneRing (@Onering_Finance) <a href=\"https:\/\/twitter.com\/Onering_Finance\/status\/1506078798537793541?ref_src=twsrc%5Etfw\">March 22, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>To carry out the exploit, the attacker deployed a special smart contract on the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-fantom-ftm\">Fantom<\/a> platform. Because the script was set to self-destruct, it is almost impossible to determine which vulnerabilities were exploited, the project team noted. To obtain any information, they are working with node providers.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;This merely tells us that the hacker is a professional, and since we were the only breached protocol, the attack was thoroughly planned,&#8221; the statement said.<\/p>\n<\/blockquote>\n<p>PeckShield researchers traced the main steps of the incident.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">3\/ To illustrate, we use the hack tx and show the key steps below <a href=\"https:\/\/t.co\/FidWcSo3NW\">pic.twitter.com\/FidWcSo3NW<\/a><\/p>\n<p>\u2014 PeckShield Inc. (@peckshield) <a href=\"https:\/\/twitter.com\/peckshield\/status\/1506091693401018370?ref_src=twsrc%5Etfw\">March 22, 2022<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>After deploying the smart contract, the attacker borrowed 80 million USDC via a flash loan, which he used to manipulate the price of the OShare token in the liquidity pool.<\/p>\n<p>After repaying the loan, its profit amounted to $1,454,672. Due to swap fees and loan repayments, another $500,000 was lost. In total, the protocol&#8217;s losses amounted to nearly $2 million.<\/p>\n<p>The stolen funds were moved from Fantom to Ethereum and immediately sent to the Tornado Cash mixer. Through this service he funded a newly created wallet that he used for the attack.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;This address is as clean as possible, and the assets currently disappearing into Tornado Cash limit our ability to contact exchanges and any parties to prevent the hacker&#8217;s funds from being withdrawn,&#8221; said the OneRing team.<\/p>\n<\/blockquote>\n<p>The developers stressed that only the OShare liquidity pool on the Fantom platform was affected. The rest of the funds are safe, but the project has suspended all vault operations.<\/p>\n<p>OneRing said they are working on a plan to reimburse users.<\/p>\n<p>The protocol team offered the hacker 15% of the stolen funds plus 1 million native RING tokens in exchange for a return, though called such a development &#8220;unlikely&#8221;.<\/p>\n<p>Following the breach, the project&#8217;s token price fell from around $0.93 to near $0.82.<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh6.googleusercontent.com\/5f3JdwSvQNNqsynVJsyFJ3emOObFHuAfAUqalSRzhwD8W0rTJK8j8iXvhAxb2vNBS8_wywOyfo3WfXNLKGhxctebmplYx2E0UVcnQiG5CF5GRpwkmoj_OFPrhXg81aBSIr9erMoe\" alt=\"The OneRing Finance DeFi protocol was hacked for $2 million\"\/><figcaption>Data: <a href=\"https:\/\/dexscreener.com\/fantom\/0x84fc84b998a01e34c8a9714a600aebde8b4cc671\">DEX Screener<\/a>.<\/figcaption><\/figure>\n<p>Earlier in March, an unknown attacker used <a href=\"https:\/\/forklog.com\/en\/news\/hacker-exploits-deus-finance-dao-nets-about-3-million\">flash loans<\/a> on the DeFi project Deus Finance DAO and <a href=\"https:\/\/forklog.com\/en\/news\/hacker-exploits-deus-finance-dao-nets-about-3-million\">earned about $3 million<\/a>. The attacker also hacked the Agave and Hundred Finance protocols, with losses <a href=\"https:\/\/forklog.com\/en\/news\/hackers-drain-11-million-from-agave-and-hundred-finance-defi-protocols\">totaling about $11 million<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Multi-chain yield-optimisation protocol for stablecoins OneRing Finance was hacked. The hacker withdrew $1.45 million using a flash loan, with the project\u2019s losses amounting to about $2 million.<\/p>\n","protected":false},"author":1,"featured_media":59043,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1093],"class_list":["post-59042","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-defi"],"aioseo_notices":[],"amp_enabled":true,"views":"10","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/59042","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=59042"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/59042\/revisions"}],"predecessor-version":[{"id":59044,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/59042\/revisions\/59044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/59043"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=59042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=59042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=59042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}