Breach, DNS hijack
Mad Meerkat Finance (MM.Finance) has the largest ecosystem on Cronos with its DEX, Yield Optimizer, NFT, Algo Stablecoin & DTF. MM Finance reported a frontend breach and requested its users not to perform any transactions or the funds will be sent to the exploiter wallet. The developers also asked the users to revoke its contract 0xbd872533Db178Ff7657Bf0057f25ABC4Ff6f904c.
The exploiter managed to inject a malicious contract address into the front-end code, and approximately $2M USD+ worth of digital assets has been compromised and bridged over to the Ethereum network via multichain followed by Tornado Cash. The attacker achieved this exploit through a DNS vulnerability to modify the router contract address in their hosted files. This resulted in users who interacted with MM.Finance site, which started from May 4th, 07:28 PM UTC to lose funds on performing: Swaps, Adding liquidity and Removing liquidity.
Post mortem conducted by the company identified the source address funded the exploit to OKX Exchange. The developers offered the exploiter 10% of the loot for the return of the remaining funds.
DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.