MonoX has confirmed a breach in which hackers squandered $31 million in virtual coins by exploiting a flaw in the company’s software used to create smart contracts.
According to MonoX finance, an accounting error gave access to hackers who inflate the price of the blockchain startup’s MONO token and then use it to pay out other deposited tokens.
On MonoX, tokens are exchanged using tokenIn (token sent by a user) and tokenOut (token received by a user). As soon as a token is exchanged, the price of tokenIn decreases while the price of tokenOut increases.
By using the same tokenIn and TokenOut, the attackers could inflate the price of the MONO token, since updating the tokenOut overwrote the price update of the tokenIn.
From there, they exchanged the token for $31 million worth of tokens for both Blockchains Ethereum and Polygon.
The company pointed out that the software conducting trade and is supposed to mark such actions suggests that an error has been exploited.
Blockchain researcher Igor Igamberdiev said the stolen tokens included $18.2 million in Wrapped Ethereum, $10.5 million in MATIC tokens and $2 million worth of WBTC. Others include Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi and Immutable X.
For more information, read the original story in Ars Technica.