link.png

ID:

onus-152

Date:

Status:

Incident Count:

December 25, 2021

Verified

1

info.png
target.png
REKT

Contributor:

chain.png

zerofriction.io

KYC By:

KYC:

None

info.png

Audit By:

Audits:

Certik

Loss Amount:

-

info.png

Recovered:

-

Rewards:

Currency:

USD

info.png

The payment system of ONUS, the largest cryptocurrency trading platform in Vietnam, running a vulnerable version of Log4j suffered a cyber attack. Cyclos notified ONUS to repair the system on December 13, but it was too late. Although ONUS has fixed the security loopholes in the Cyclos instance, the window of loopholes allowed attackers to successfully steal data from sensitive databases. The stolen database contained nearly 2 million user data, including KYC (Know Your Customer) data, hashed passwords, etc. Subsequently, the attacker asked ONUS to pay a ransom of 5 million, otherwise the stolen data would be made public. On December 25, because ONUS did not pay the full ransom, the attackers sold customer data on the dark web data exchange market.

info.png

DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose. 

Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.