There is a lot of competition in the world of decentralized finance. DeFi projects explore cross-chain support or even move the entire project over to achieve a broader user base and better security. For MonoX, however, things do not look too great, as a hacker exploited the protocol for over $30 million.
MonoX Gets Exploited
While it is not uncommon for DeFi protocols to get hacked or exploited, it remains a problematic endeavor. Smart contracts can be vetted and audited, yet there is no way to make them 100% secure. Moreover, no decentralized finance protocol can claim user assets will not be hacked or stolen. Users of MonoX found that out the hard way today, as a culprit ran off with over $30 million of assets on Ethereum and Polygon.
The MonoX hack became apparent a few hours ago. User Igor Igamberdiev noted how various assets managed by the DeFi protocol were seemingly behaving strangely. More specifically, the assets were all flowing to the same address in quick succession, putting the protocol’s liquidity at risk. Stolen assets include MATIC, Wrapped Ether, Wrapped Bitcoin, LINK, GHOST, DUCK, MIM, and IMX.
I even started to get a little bored, but half an hour ago $31M were stolen from @MonoXFinance on Polygon and Ethereum.
– 5.7M MATIC ($10.5M)
– 3.9k WETH ($18.2M)
– 36.1 WBTC ($2M)
– 1.2k LINK ($31k)
– 3.1k GHST ($9.1k)
– 5.1M DUCK ($257k)
– 4.1k MIM ($4.1k)
– 274 IMX ($2k) pic.twitter.com/BjtW7UlG6b
— Igor Igamberdiev (@FrankResearcher) November 30, 2021
It did not take long for the MonoX team to acknowledge something had gone wrong. The swap contract had one of its methods exploited, allowing the hacker to boost the MOMO price token. THrough that boost, the culprit could purchase all other liquidity in the pool and withdraw them to a native address. A very problematic scenario that shows similarities to flash loan attacks.
The bigger question is whether the team will compensate affected users in any way. More often than not, some of the stolen funds are recovered. Exchanges will prevent the address from spending these assets, rendering the money virtually worthless to whoever took them. That doesn’t mean they will be sent back either, though, as they can become unspendable. MonoX will have much to figure out and do so quickly, as DeFi users aren’t always known for their patience.
Will Communication Lines Open?
In a recent Tweet, MonoX acknowledges it was an opportunity to “talk to the hacker”. A common approach when smart contracts get exploited, although that doesn’t guarantee a reply. Moreover, it raises questions as to whether this is an external culprit or an internal one. Incidents like these are always problematic for reasons beyond financial loss.
We also really wish to have a chance in talking with the "hacker". We value very much for what we've built for the current and future MonoX, and most importantly our users and their funds; PLEASE reach out to us
— MonoX (@MonoXFinance) November 30, 2021
Moreover, the value of the MonoX token on exchanges is dropping rapidly. That is to be expected after such a security incident. It is hard for users to trust platforms and companies again after their money has been taken. It does not spell the end for MonoX, although there is a severe breach of trust regarding this project. Affected users can only hope things get resolved sooner rather than later.
Looking to advertise? We will gladly help spread the word about your project, company, or service. CryptoMode produces high quality content for cryptocurrency companies. We have provided brand exposure for dozens of companies to date, and you can be one of them. All of our clients appreciate our value/pricing ratio. Contact us if you have any questions: [email protected]