Decentralized Finance Protocol MonoX has confirmed that it was the victim of an attack in which more than $31 million in virtual currencies were stolen.
According to MonoX, the hackers exploited a flaw in the company's software used to create smart contracts. This accounting error allowed the hackers to inflate the price of token of start-up of blockchain MONO, and use it to pay for other tokens deposits.
In this Decentralized Finance Protocol, the token are exchanged using tokenIn (one token sent by a user) and tokenOut (one token received by a user). As soon as a token is exchanged, the price of tokenIn decreases while the price of tokenOut increases. By using the same tokenIn e tokenOutthe hackers were able to inflate the price of token MONO price, since the update of tokenOut update overwrites the price update of tokenIn. From there, this token was exchanged for $31 million in tokens for both blockchains Ethereum and Polygon.
According to the company MonoX, the software that performs these trading actions should have recorded such actions, and that therefore this error was eventually exploited and taken advantage of by the hackers.
The researcher of blockchainIgor Igamberdiev, said that the tokens stolen tokens included more than $18 million in tokens Wrapped Ethereum; more than $10 million in tokens MATIC and also $2 million in WBTC. This wide range also includes Wrapped Bitcon, Chainlink, Unit Protocol, Aavegotchi and Immutable X.
https://www.itworldcanada.com/post/hackers-steal-virtual-coins-by-exploiting-software-bug
