The MonoX security breach was caused by a bug in its smart contracts, while Badger is still investigating its incident.
Two DeFi projects, BadgerDAO and MonoX, are the latest victims of security breaches in which hundreds of millions of dollars' worth of cryptocurrency has been stolen by hackers.
It is worth noting that the two projects were hit in separate breaches. In the case of the decentralized finance protocol BadgerDAO, the company discovered the attack, in which hackers managed to steal $120 million, on December 2nd, while MonoX lost $31 million to unknown attackers on November 30th.
MonoX $31 million Breach
As for how it happened, the MonoX DEX platform breach took place after hackers exploited a vulnerability in smart contract software. Smart contracts are digital contracts stored on a blockchain that are automatically executed when predetermined terms and conditions are met.
According to reports, hackers exploited the vulnerability to increase the price of MONO through smart contracts and bought assets with MONO tokens.
MonoX has acknowledged the breach and explained in a blog post that:
The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract.
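The same-token condition described in that statement can be shown with a small model, next to the check that rejects it. This is an added example, not MonoX's contract code: the pool structure, the 1% price-impact rule, the order of the price updates and all sample values are assumptions made for illustration.

```python
# Added example: a simplified pool model, not MonoX's contract code.
from dataclasses import dataclass

@dataclass
class Pool:
    price: float    # token price in a common unit (constructed value)
    balance: float  # tokens held by the pool

class SameTokenSwap(ValueError): pass  # tokenIn and tokenOut are the same

def quote(pools, token_in, token_out, amount_in, impact=0.01):
    """Compute the swap result from the pre-swap state only."""
    p_in, p_out = pools[token_in].price, pools[token_out].price
    amount_out = amount_in * p_in / p_out
    # Assumed rule: selling lowers tokenIn's price, buying raises tokenOut's.
    return amount_out, p_in * (1 - impact), p_out * (1 + impact)

def swap_unchecked(pools, token_in, token_out, amount_in):
    """The behaviour the statement describes: identical tokens are permitted."""
    amount_out, new_in, new_out = quote(pools, token_in, token_out, amount_in)
    pools[token_in].price = new_in
    pools[token_in].balance += amount_in
    pools[token_out].price = new_out  # same pool: overwrites the write above
    pools[token_out].balance -= amount_out
    return amount_out

def swap_checked(pools, token_in, token_out, amount_in):
    """Hardened form: reject identical tokens before touching any state."""
    if token_in == token_out:
        raise SameTokenSwap(f"tokenIn and tokenOut are both {token_in}")
    return swap_unchecked(pools, token_in, token_out, amount_in)

def fresh_pools():
    # Constructed sample state, not on-chain data.
    return {"MONO": Pool(1.0, 1000.0), "USDC": Pool(1.0, 1000.0)}

def self_swap_state(swap):
    """Run a MONO -> MONO swap and return (price, balance, rejected)."""
    pools = fresh_pools()
    try:
        swap(pools, "MONO", "MONO", 10.0)
        rejected = False
    except SameTokenSwap:
        rejected = True
    return pools["MONO"].price, pools["MONO"].balance, rejected

if __name__ == "__main__":
    print("unchecked:", self_swap_state(swap_unchecked))
    print("checked:  ", self_swap_state(swap_checked))
```

In the unchecked form the pool's balance is unchanged while its recorded price has moved, which is the kind of state an invariant test on a swap function should flag.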
Meanwhile, Igor Igamberdiev, an IT security researcher on Twitter, was able to break down the stolen tokens. According to Igamberdiev's tweet, the hackers managed to steal:
- 5.7M MATIC ($10.5M)
- 3.9k WETH ($18.2M)
- 36.1 WBTC ($2M)
- 1.2k LINK ($31k)
- 3.1k GHST ($9.1k)
- 5.1M DUCK ($257k)
- 4.1k MIM ($4.1k)
- 274 IMX ($2k)
BadgerDAO $120 million Breach
Apparently, on November 27th, BadgerDAO's customers on Discord alerted admins to unusual spend requests; however, these alerts were brushed off as some random bug by one of the admins, who goes by the Discord handle Admin Blackbear.
As it turned out, the "bug" was hackers attempting to steal funds.
Although BadgerDAO is yet to confirm the exact amount of stolen funds, reports indicate that hackers managed to steal $120 million after targeting the protocol on the Ethereum network at contract address 0x1fcdb04d0c5364fbd92c73ca8af9baa72c269107.
In a tweet, the platform said that it has paused all smart contracts to prevent further withdrawals.
Meanwhile, PeckShield Inc., a blockchain security and data analytics company, managed to break down the stolen funds, as shown in the screenshot below:
Hackread.com is keeping an eye on the incident and will be updating you once BadgerDAO provides new details.