MonoX Hacked Amidst Security Audit Mixup
MonoX is the latest DeFi platform to be hit by a successful hack attempt. The DeFi platform, which launched its mainnet about a month ago, suffered its biggest attack despite conducting two separate audits before the hack happened.
In the late hours of November 30, the team behind the DeFI protocol tweeted a statement announcing its hack. MonoX revealed that the hackers had tricked its smart contracts into inflating MONO tokens before using them to buy other assets in the pool.
“This morning our contract has been exploited...the team is investigating and will try our very best to get the stolen funds back. A method in the swap contract was exploited and boosted MONO token price to sky-high. The attacker then used MONO token to purchase all the other assets in the pool,” read the tweet.
Successful Hack Despite Audit
MonoX claims it had hired two separate security firms to conduct independent audits. Both audits, according to the MonoX team, failed to recognize any vulnerability in MonoX’s protocol.
“Security of users’ funds is of utmost importance to us and we have had multiple security audits and a security advisor firm that work with us on an ongoing basis. However, unfortunately, we were still exploited,” said the company in its statement.
Funds carted away by the hacker(s) is estimated to be about $31 million, and have been stolen across a host of digital assets like Wrapped Tether (WETH) and Polygon’s MATIC.
There are suggestions that the hackers might have stolen MonoX’s entire crypto pool at the moment of attack.
A few hours after MonoX revealed its protocol had been exploited, Halbon Security released an absolving screenshot suggesting that it had indeed spotted the flaw before it was exploited.
“Security & Risk are 1 in the same. When risks are found, it’s a client’s decision to mitigate or accept said risk,” Halborn Securities said in a tweet.
MonoX team would however respond with a quote tweet claiming Halborn Security had cropped away parts of the screenshot and had indeed informed MonoX that that particular vulnerability had been solved.
As of December 1, MonoX has promised to do all it can to recover the loot and has plans to award the hacker a significant sum if the loot is returned.
You can buy, trade any of your preferred tokens for Ethereum (ETH) on ChangeNOW without any registration.
Welcome to the NOW experience! The ChangeNOW team presents you with the new community-inspired crypto wallet – NOW Wallet.