Exploitation of the MonoX Finance DeFi Protocol for $31 Million
The Trust Project is a global partnership of news organisations dedicated to developing transparency standards.
MonoX Financial is the second decentralised finance platform to fall victim to a multimillion-dollar hack this year. While details are few at the present, the developers behind the DeFi protocol tweeted late on Nov 30 that one of their smart contracts had been abused.
It continued by explaining that its swap contract had been abused, allowing the malicious actor to artificially raise the price of the MONO token before using it to acquire the pool’s other assets. The hack was made possible by a flaw in a smart contract that resulted in inaccurate price updates during token swaps.
Additionally, the team made an appeal to the attacker in an attempt to recoup part of the funds: We would also want to speak with the “hacker.” We are really proud of what we’ve accomplished for the present and future MonoX, as well as our users and their finances; PLEASE contact us.
Igor Igamberdiev of DeFi investigated the issue further and discovered that $31 million was stolen from the protocol’s Ethereum and Polygon platforms.
5.7 million MATIC ($10.5 million), 3,900 WETH ($18.2 million), 36 WBTC ($2 million), 1,200 LINK ($31k), 3,100 GHST ($9.1k), 5.1 million DUCK ($257k), 4,100 MIM ($4.1k), and 274 IMX ($2k) were stolen from the pool.
According to PeckShield, the attacker utilised Tornado Cash to encrypt the transactions. MonoX is a multi-chain DEX that utilises a single token pool methodology to address the capital inefficiencies caused by liquidity pairings.
2021: A DeFi-filled year
MonoX is the latest in a long line of compromised DeFi protocols this year. While the majority occurred on the Binance Smart Chain network, others, such as Polygon and Avalanche, had their protocols compromised.
PancakeBunny, Cream Finance, bEarn, Bogged Finance, Uranium Finance, Meerkat Finance, SafeMoon, Spartan Protocol, and Belt Finance are currently exploited BSC protocols.
On October 15, Indexed Finance lost $16 million in a breach involving its balanced pools, and on October 30, the BSC-based lending protocol BXH was hacked for up to $130 million.
November saw new exploits on Snowdog, Visor Finance, Ploutoz Finance, Unlock Protocol, Zenon Network, Blizzard, and bZx, according to DeFiYield’s Rekt Database.
Unsurprisingly, the MONO token has plummeted, falling below $5 by 16 percent on the day. Since hitting an all-time high of $7.48 on Nov 26, the token has dropped 33% in the last five days.
Also Read: Grayscale Investments’ Said The SEC Has ‘No Grounds’ To Deny Bitcoin Spot ETF