Re: Really stupid “smart contract” bug let hackers steal $31 million in digital coin – Ars Technica

Steven Schear schear.steve at gmail.com
Fri Dec 3 10:02:05 PST 2021


Another Rekt crypto venture.

https://rekt.news/monox-rekt/

On Thu, Dec 2, 2021, 10:46 PM jim bell <jdb10987 at yahoo.com> wrote:

> https://arstechnica.com/information-technology/2021/12/hackers-drain-31-million-from-cryptocurrency-service-monox-finance/?amp=1
>
>
> Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31
> million by exploiting a bug in software the service uses to draft smart
> contracts.
>
> The company uses a decentralized finance protocol known as MonoX that lets
> users trade digital currency tokens without some of the requirements of
> traditional exchanges. “Project owners can list their tokens without the
> burden of capital requirements and focus on using funds for building the
> project instead of providing liquidity,” MonoX company representatives say
> here
> <http://go.redirectingat.com/?id=100098X1555750&xs=1&url=https%3A%2F%2Fmedium.com%2Fmonoswap%2Fmonox-spotlight-coinlist-seed-5a45ca1e5205&sref=rss>.
> “It works by grouping deposited tokens into a virtual pair with vCASH, to
> offer a single token pool design.”
>
> An accounting error built into the company’s software let an attacker
> inflate the price of the MONO token and to then use it to cash out all the
> other deposited tokens, MonoX Finance revealed in a post
> <http://go.redirectingat.com/?id=100098X1555750&xs=1&url=https%3A%2F%2Fmedium.com%2Fmonoswap%2Fexploit-post-mortem-33921a779b43&sref=rss>.
> The haul amounted to $31 million worth of tokens on the Ethereum or Polygon
> blockchains, both of which are supported by the MonoX protocol.
>
> Specifically, the hack used the same token as both the tokenIn and
> tokenOut, which are methods for exchanging the value of one token for
> another. MonoX updates prices after each swap by calculating new prices for
> both tokens. When the swap is completed, the price of tokenIn—that is, the
> token sent by the user—decreases and the price of tokenOut—or the token
> received by the user—increases.
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 3382 bytes
Desc: not available
URL: <https://lists.cpunks.org/pipermail/cypherpunks/attachments/20211203/3129e9b1/attachment.txt>


More information about the cypherpunks mailing list