The hackers managed to artificially boost the price of MONO tokens and then buy out all other tokens from the liquidity pools by draining the smart contracts.
In one of the latest DeFi hacks, $31 million have been stolen from DeFi platform MonoX. DeFi platform MonoX offers liquidity pools for traders to place their tokens or receive tokens against providing liquidity.
The funds have been stolen across cryptocurrencies. This includes $18.2 million in Wrapped Ether (WETH) and another $10.5 million in Polygon (MATIC). Thus, the hackers managed to steal the tokens across two different blockchains – Ethereum and Polygon. Other tokens linked to the hack include WBTC, LINK, GHST, DUCK, MIM and IMX.
Soon after the hack, MonoX released a statement of explanation. It noted that the hackers had artificially inflated the price of MONO tokens. This later allowed the hackers to use these tokens to purchase other assets in the pool at a much cheaper rate. The statement further reads:
“First, we want to extend immediate, sincerest apologies toward the incident and we assure you our entire team and partners are all working on this right now. Security of users’ funds is of utmost importance to us and we have had multiple security audits and a security advisor firm that work with us on an an ongoing basis. However, unfortunately, we were still exploited”.
Ruyi Ren, the CEO of MonoX also confirmed the hack on Telegram. He further told users that the MonoX team is attempting to contact the hacker to “pay him/her a legit amount of money to get the funds back.”
Details About the MonoX DeFi Hack
As per the data provided by BlockSec, the hacker managed to trick MonoX’s smart contracts into pumping up the price of the MONO token. As said, upon increasing the price of the MONO token, the hacker used the token for swapping out all other assets in MonoX’s liquidity pools. The statement from MonoX’s team reads:
“A method in the swap contract was exploited and boosted MONO token price to sky high. The attacker then used MONO token to purchase all the other assets in the pool.”
The unfortunate thing about this is that MonoX has previously conducted audits from two smart contract auditors – Halborn and Peckshield. But neither of the two auditors was able to identify the exploit that the hacker had used to completely drain MonoX’s smart contracts.
MonoX is the latest among the list of protocols being victim to hacks this year. In October, DeFi protocol Indexed Finance suffered a $16 million exploit.