Hackers Withdraw $31 Million From Cryptocurrency Service MonoX Finance
The company says it contacted the hacker to get the money back. Good luck.

China-based blockchain startup MonoX Finance said Wednesday that a hacker stole $31 million by abusing a bug in software the service uses to craft smart contracts.

The company uses a decentralized financial protocol called MonoX, which allows users to trade digital tokens for currencies without some of the requirements of traditional exchanges. “Project owners can list their tokens without the required capital burden and focus on using the budget to build the project, rather than providing liquidity,” said MonoX representatives. “It works by pooling tokens deposited in a virtual pair with vCASH to provide a token pool design.”

An accounting bug built into the company's software allowed an attacker to drive up the price of the MONO token and then use it to profit from the other deposited tokens, MonoX Finance disclosed in a post. The tokens taken were valued at $31 million on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol. In particular, the hack used the same token as both tokenIn and tokenOut, which are used when exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn (the token sent by the user) goes down and the price of tokenOut (the token that the user receives) increases.

By using the same token for both tokenIn and tokenOut, the hacker significantly increased the price of the MONO token because the tokenOut update overwrote the tokenIn price update. The hacker then exchanged the token for $31 million in tokens on the Ethereum and Polygon blockchains. Such transactions should not have been permitted. Unfortunately, this happened despite MonoX receiving three security audits this year.
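The overwrite described above can be reproduced in a small model. This is an added example, not MonoX's contract code: the `Pool` class, the 10% price impact, the token name `OTHER` and the multiplicative pricing formulas are assumptions made for illustration, and the `reject_same_token` flag shows the guard that refuses a swap of a token for itself.

```python
# Toy model of a pool that reprices both sides of every swap.
# Pricing formulas and names are constructed for illustration only.
from dataclasses import dataclass, field


class SameTokenSwap(ValueError):
    """Raised by the hardened pool when tokenIn and tokenOut are identical."""


@dataclass
class Pool:
    prices: dict = field(default_factory=dict)  # token -> price in vCASH
    impact: float = 0.10                        # assumed per-swap price move
    reject_same_token: bool = False             # True = hardened behaviour

    def swap(self, token_in: str, token_out: str) -> None:
        if self.reject_same_token and token_in == token_out:
            raise SameTokenSwap(token_in)
        # Both new prices are computed from the pre-swap state...
        new_in = self.prices[token_in] * (1 - self.impact)
        new_out = self.prices[token_out] * (1 + self.impact)
        # ...and written back one after the other. When both names refer to
        # the same token, the second write overwrites the first, so the net
        # effect of the swap is a price increase.
        self.prices[token_in] = new_in
        self.prices[token_out] = new_out


def price_after_self_swaps(pool: Pool, token: str, rounds: int) -> float:
    """Swap a token for itself `rounds` times and return its final price."""
    for _ in range(rounds):
        pool.swap(token, token)
    return pool.prices[token]


def token_in_price_fell(pool: Pool, token_in: str, token_out: str) -> bool:
    """Testable check: a swap must lower the price of the token sent in."""
    before = pool.prices[token_in]
    pool.swap(token_in, token_out)
    return pool.prices[token_in] < before


if __name__ == "__main__":
    weak = Pool(prices={"MONO": 1.0, "OTHER": 1.0})
    print("price after 50 self-swaps:", price_after_self_swaps(weak, "MONO", 50))
    hard = Pool(prices={"MONO": 1.0, "OTHER": 1.0}, reject_same_token=True)
    try:
        hard.swap("MONO", "MONO")
    except SameTokenSwap:
        print("hardened pool rejected the self-swap")
```

Running `token_in_price_fell` over every token pair, including a token paired with itself, is the kind of check that fails on the unguarded pool and passes once the guard is on.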

Smart Contract Issues

“These types of attacks are common in smart contracts because many developers don't do the legwork of determining the security features of their code,” said Dan Guido, who specializes in securing smart contracts like the one that was hacked here. “When the code is only looked at periodically, the results are of limited value. Smart contracts need testable proof that they do what they are intended to do and only what they are intended to do. This means identifying the security features and the methods used to evaluate them.”

Guido, a security consultant at Trail of Bits, continued:

Most software needs to reduce vulnerabilities. We actively search for vulnerabilities, acknowledge that they may be unsafe in use, and build systems to identify when they are being misused. Smart contracts need to eliminate vulnerabilities. Software validation techniques are widely used to provide provable guarantees that contracts will perform as intended. Many security issues in smart contracts arise when developers take the former rather than the latter security approach. There are many large, complex, and very valuable smart contracts and protocols that have prevented accidents, along with many that have been misused immediately upon launch.

Blockchain researcher Igor Igamberdiev wrote on Twitter that the token pool that was cleared included $18.2 million in Complex Lobby, $10.5 million in MATIC tokens, and $2 million in WBTC. The haul also included smaller amounts of tokens for Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X.


Latest DeFi

MonoX isn't the only decentralized finance protocol to fall victim to a multimillion-dollar hack. In October, Indexed Finance announced that it had lost about $16 million in a hack that misused the index pool's rebalancing method. Earlier this month, blockchain analysis firm Elliptic said that so-called DeFi protocols have lost $12 billion so far due to theft and fraud. Losses reached $10.5 billion in the first 10 months of this year, up from $1.5 billion in 2020.

“The relative immaturity of infrastructure technology has allowed hackers to steal users’ money” has allowed criminals to launder proceeds of crime such as ransomware and scams. “It’s called DeCrime.”

The MonoX post lists the steps the team has taken. It tried to open a conversation with the hacker by sending a message via a transaction on the ETH mainnet. It will terminate the contract and do a patch for more detailed testing. It sought to stop any wallet address associated with the attack. It is working together with security advisors to make progress in identifying the hacker and to reduce future risk. It looked for a Tornado Cash wallet's interaction with wallets that also use the platform, and checked wallet addresses, using detailed and Dapp-specific data, that could be considered "suspicious" based on interaction with the product (for example, removing large amounts of cash beforehand), along with all metadata left from apparent interactions. It is running continuous monitoring of the wallet with the funds. So far, 100 ETH of the stolen funds have been sent to Tornado Cash. The rest is still there. In addition, the company will file an official police report.

The post states that MonoX Finance has insurance covering $1 million in losses, and the company is now "working on distributions."

