- A hacker has exploited MonoX Finance’s smart contracts, draining $31 million worth of assets.
- The MonoX team are attempting to contact the hacker to ask for the funds to be returned.
- Despite receiving two independent audits, the vulnerabilities in MonoX’s smart contracts were not found.
A hacker has exploited the single token liquidity platform MonoX Finance, draining $31 million worth of tokens across Ethereum and Polygon.
MonoX Finance Hacked
A hacker has wiped out another DeFi protocol.
MonoX Finance, a DeFi protocol allowing users to provide liquidity with single assets on Ethereum and Polygon, appears to have been exploited. Users noticed that all staking pools across Ethereum and Polygon had been drained Tuesday morning, with over $31 million worth of tokens taken.
Igor Igamberdiev was the first to provide a breakdown of the hack on Twitter. Of the funds lost, $18.2 million worth was in Wrapped Ethereum, with a further $10.5 million worth of MATIC tokens also stolen. Smaller amounts of several other tokens were also lost, including Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X.
On Telegram, MonoX Finance Founder and CEO Ruyi Ren confirmed that the protocol had been hacked and told users that the MonoX team is attempting to contact the hacker to “pay him/her a legit amount of money to get the funds back.”
According to BlockSec, the hacker managed to trick MonoX’s smart contracts into pumping up the price of the protocol’s MONO token. Once the price of MONO had increased enough, the hacker used the token to swap out all other assets in MonoX’s liquidity pools.
The MonoX team have also released a statement confirming how the exploit took place, stating:
“A method in the swap contract was exploited and boosted MONO token price to sky high. The attacker then used MONO token to purchase all the other assets in the pool.”
MonoX had previously been audited by two smart contract auditors—Peckshield and Halborn. However, neither audit was able to identify the exploit that the hacker used to drain the protocol’s smart contracts.
MonoX joins a long list of DeFi protocols to fall victim to hackers this year. In October, DeFi protocol Indexed Finance suffered a $16 million exploit when a hacker managed to trick the protocol’s smart contract into miscalculating the value of deposited assets. Like MonoX, Indexed Finance had also received two separate audits that could not find the vulnerabilities in the protocol’s smart contracts.
The crypto analytics firm Elliptic estimates $12 billion has been lost this year to DeFi exploits, with $5.5 billion the result of code exploits like in the case of MonoX Finance.
Disclosure: At the time of writing this feature, the author owned BTC, ETH, and several other cryptocurrencies.