monox-179MonoXThe automatic market maker protocol MonoX was hacked. In this attack, approximately US$18.2 million worth of WETH and 10.5 million US dollars of MATIC were stolen. Other stolen tokens included WBTC, LINK, GHST, DUCK, MIM and IMX. The total loss was approximately 31 million U.S. dollars. The hacker exploited the MonoX protocol because the same token is used for the tokenIn and tokenOut functions. Since they were able to use the same tokens in the swapTokenFORExactToken function, the updated tokenOut will supersede the tokenIn’s price update. This led MONO token price to increase and be used to purchase most of the assets in the protocol.

Detail Analysis

< Back

MonoX

Submit Incident Report

Date:

Status:

Count:

Contributor:

November 30, 2021

Verified

zerofriction.io

Loss Amount:

31,000,000

Recovered Amount:

Currency:

Dollars,WETH, MATIC, WBTC, LINK, GHST, DUCK, MIM and IMX

KYC By:

Audit By:

None

Halborn, Peckshield

Website:

https://monox.finance/

Twitter:

https://twitter.com/MonoXFinance

Discord:

https://discord.com/invite/y3yRPBY7US

Telegram:

https://t.me/MonoXOfficial

Medium:

https://medium.com/monoswap

Github:

No data

Key Indicators

Platform:

Type:

Category:

Method:

Ethereum, Polygon

Protocol

Dexes

Contract Vulnerabilities

Extended Method:

Logic error

Data Sources:

https://slowmist.medium.com/detailed-analysis-of-the-31-million-monox-protocol-hack-574d8c44a9c8

The automatic market maker protocol MonoX was hacked. In this attack, approximately US$18.2 million worth of WETH and 10.5 million US dollars of MATIC were stolen. Other stolen tokens included WBTC, LINK, GHST, DUCK, MIM and IMX. The total loss was approximately 31 million U.S. dollars. The hacker exploited the MonoX protocol because the same token is used for the tokenIn and tokenOut functions. Since they were able to use the same tokens in the swapTokenFORExactToken function, the updated tokenOut will supersede the tokenIn’s price update. This led MONO token price to increase and be used to purchase most of the assets in the protocol.

DISCLAIMER: While Zero Friction LLC has used the best efforts in aggregating and maintaining this database, Zero Friction LLC makes no representations or warranties with respect to the accuracy or completeness, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.

Under no circumstances, shall Zero Friction LLC be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the dataset or information derived from our database.

< Back