Skip to main content
Sign in
Onyx Protocol1 decision on this page

Audit log

Every state-changing event for Onyx Protocol: moderation decisions on community submissions, plus corrections and updates from the news pipeline. URL-based decisions carry three independent witnesses — the original source, an Internet Archive snapshot taken at submission time, and a Solana memo signed by our publicly-disclosed publisher key.

  1. #1publishby system:backfill
    2026-05-28 08:20:43Z
    Score: ?? (no score change)
    anchoranchored
    chain
    mainnet-betaslot 422,682,732
    sig
    5c7JgSEiwYTH…NtNNLbxfexplorer ↗
    hash
    73MfqsETBVvS…aBqmQccDsha256 → base58
    verifying row…full verify ↗
    canonical bytes (6467 B) ▸
    {"actor":"system:backfill","investigation_id":"ef9d20ac-7b82-459a-84c2-2560148b7857","kind":"publish","page_slug":"onyx-protocol","published_at":"2026-05-28T08:20:43.598Z","sequence_num":1,"snapshot":{"content_type":"investigation","entity_name":"Onyx Protocol","sections":[{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.weex.com/questions/article/who-is-behind-onyxcoin-xcn-crypto-the-full-story-explained-67773","type":"other","url":""},{"credibility":3,"name":"https://www.withtap.com/blog/what-is-chain-xcn","type":"other","url":""},{"credibility":3,"name":"https://www.gate.com/learn/articles/what-is-onyx-protocol-all-you-need-to-know-about-xcn/4336","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://hacken.io/discover/onyx-protocol-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.certik.com/resources/blog/post-mortem-onyx-protocol","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-onyx-protocol-hack-october-2023","type":"other","url":""},{"credibility":3,"name":"https://www.merklescience.com/blog/onyx-protocol-hack-flow-of-funds-analysis","type":"other","url":""},{"credibility":3,"name":"https://crypto.news/hackers-exploit-onyx-protocol-for-2-1m/","type":"other","url":""},{"credibility":3,"name":"https://www.cryptotimes.io/2023/11/01/onyx-protocol-lost-2-1-million-in-a-latest-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-onyx-protocol-hack-september-2024","type":"other","url":""},{"credibility":3,"name":"https://rekt.news/onyx-protocol-rekt2","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/onyx-protocol-preventable-hack/","type":"other","url":""},{"credibility":3,"name":"https://dailyhodl.com/2024/09/27/decentralized-web3-project-onyx-hacked-for-3800000-worth-of-crypto-peckshield/","type":"other","url":""},{"credibility":3,"name":"https://www.quillaudits.com/blog/hack-analysis/onyx-dao-hack","type":"other","url":""},{"credibility":3,"name":"https://www.cryptopolitan.com/onyx-protocol-hacked-again-for-3-8m-through-exchange-rate-exploit/","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://www.certik.com/resources/blog/post-mortem-onyx-protocol","type":"other","url":""},{"credibility":3,"name":"https://hacken.io/discover/onyx-protocol-hack/","type":"other","url":""},{"credibility":3,"name":"https://beincrypto.com/onyx-protocol-preventable-hack/","type":"other","url":""},{"credibility":3,"name":"https://www.halborn.com/blog/post/explained-the-onyx-protocol-hack-september-2024","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[{"credibility":3,"name":"https://cointelegraph.com/news/onyx-core-relaunch-after-3-8m-hack","type":"other","url":""},{"credibility":3,"name":"https://www.coininsider.com/news/2024/09/onyx-shuts-ethereum-lending-market-relaunches-as-onyx-core/","type":"other","url":""},{"credibility":3,"name":"https://financefeeds.com/defi-protocol-onyx-to-relaunch-after-3-8-million/","type":"other","url":""},{"credibility":3,"name":"https://www.bitget.com/news/detail/12560604240361","type":"other","url":""}]},{"content":"","heading":"","severity":"medium","sources":[]}],"sources_used":[],"summary":"Onyx Protocol is a DeFi lending protocol forked from Compound Finance v2, operating on Ethereum and issuing the XCN (Onyxcoin) token. The protocol suffered two major exploits in under twelve months — $2.1 million in October/November 2023 and $3.8 million in September 2024 — both stemming from the same known precision vulnerability in the Compound v2 codebase that the team had been warned about by auditor CertiK in February 2023 and chose not to remediate. Following the second hack the Ethereum-based lending market was shut down and the protocol relaunched as Onyx Core.","timeline":[{"date":"2014-01-01","event":"Adam Ludwin founds Chain, the predecessor company to Onyx Protocol, raising approximately $40 million from institutional investors including Nasdaq, Visa, and Citigroup.","source":""},{"date":"2018-01-01","event":"Chain is acquired by Lightyear Corp., a commercial subsidiary of the Stellar Development Foundation.","source":""},{"date":"2022-03-01","event":"Token rebranded from CHN to XCN at a 1:1,000 ratio; 5 billion XCN burned and 15 billion XCN donated to a new foundation.","source":""},{"date":"2023-01-01","event":"Governance proposal CIP-007 passes, officially renaming Chain Protocol to Onyx Protocol and Chain DAO to Onyx DAO.","source":""},{"date":"2023-02-27","event":"CertiK publishes audit report identifying the empty-pool/precision vulnerability in the Compound v2 fork code and explicitly recommending remediation. The Onyx team acknowledges the finding and decides not to act.","source":""},{"date":"2023-10-23","event":"Governance proposal to support a PEPE token market on Onyx passes with approximately 11 votes, majority from a single address.","source":""},{"date":"2023-10-26","event":"PEPE market contract deployed on Onyx with zero initial liquidity, creating the conditions for an empty-pool exploit.","source":""},{"date":"2023-11-01","event":"First exploit: attackers drain approximately 1,164 ETH ($2.1 million) from Onyx Protocol via the empty PEPE pool. TVL collapses 87%. Attacker address: 0x085bdff2c522e8637d4154039db8746bb8642bff.","source":""},{"date":"2024-09-26","event":"Second exploit: attacker (0x680910cf5Fc9969A25Fd57e7896A14fF1E55F36B) drains $3.8 million from Onyx Protocol using the same Compound v2 precision vulnerability plus an NFTLiquidation contract input-validation flaw. Assets stolen: 4.1M VUSD, 7.35M XCN, 0.23 WBTC, 5K DAI, 50K USDT.","source":""},{"date":"2024-09-29","event":"Governance proposal OIP-46 passes with 100% community support, approving shutdown of the Ethereum lending market, full lender reimbursement, and relaunch as Onyx Core.","source":""},{"date":"2024-10-01","event":"Onyx Core scheduled relaunch; Ethereum-based open lending market shut down.","source":""},{"date":"2025-02-01","event":"Onyx team announces development of the Onyx XCN Ledger, a Layer 3 blockchain built on Arbitrum Orbit using Coinbase Base as settlement layer, alongside a new whitepaper.","source":""}]},"v":1}
    Verify offline (run on your own machine)
    python -m src.verify_decision 02d3f849-551a-43a1-9662-05188f024836
How verification works. The “Row integrity” check above is computed in your browser — your machine recomputes the SHA-256 of the canonical bytes and compares against the stored hash. No avoid.net server can fake that check. The “full verify” link goes one level deeper: your browser fetches the on-chain transaction from a Solana RPC node and confirms the same hash is in the memo. If you don’t want to trust either avoid.net or the public RPC, run the CLI verifier on your own machine — python -m src.verify_decision <event_id>.