A Software Bug Let Hackers Drain $31M From a Crypto Service

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts.

The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. “Project owners can list their tokens without the burden of capital requirements and focus on using funds for building the project instead of providing liquidity,” MonoX company representatives wrote in November. “It works by grouping deposited tokens into a virtual pair with vCASH, to offer a single token pool design.”

An accounting error built into the company’s software let an attacker inflate the price of the MONO token and then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol.

Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn—that is, the token sent by the user—decreases and the price of tokenOut—or the token received by the user—increases.

By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains.

There’s no practical reason for exchanging a token for the same token, and therefore the software that conducts trades should never have allowed such transactions. Alas, it did, despite MonoX receiving three security audits this year.

The Pitfalls of Smart Contracts

“These kinds of attacks are common in smart contracts, because many developers do not put in the legwork to define security properties for their code,” said Dan Guido, an expert in the securing of smart contracts like the one hacked here. “They had audits, but if the audits only state that a smart person looked at the code for a given period of time, then the results are of limited value. Smart contracts need testable evidence that they do what you intend and only what you intend. That means defined security properties and techniques employed to evaluate them.”

The CEO of security consultancy Trail of Bits, Guido continued:

Most software requires vulnerability mitigation. We proactively look for vulnerabilities, acknowledge they might be insecure while using them, and build systems to detect when they get exploited. Smart contracts require vulnerability elimination. Software verification techniques are widely used to offer provable assurances that the contracts work as intended. Most of the security issues in smart contracts arise when developers adopt the former security approach, instead of the latter. There are many smart contracts and protocols that are large, complex, and highly valuable that have avoided incidents, alongside the many that have been instantly exploited upon their launch.

Blockchain researcher Igor Igamberdiev took to Twitter to break down the makeup of the drained tokens. Tokens included $18.2 million in Wrapped Ethereum, $10.5 in MATIC tokens, and $2 million worth of WBTC. The haul also included smaller amounts of tokens for Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi, and Immutable X.

Only the Latest DeFi Hack

MonoX isn’t the only decentralized finance protocol to fall victim to a multimillion-dollar hack. In October, Indexed Finance said it lost about $16 million in a hack that exploited the way it rebalances index pools. Earlier this month, blockchain-analysis company Elliptic said so-called DeFi protocols have lost $12 billion due to theft and fraud. Losses in the first roughly 10 months of this year reached $10.5 billion, up from $1.5 billion in 2020.

“The relative immaturity of the underlying technology has allowed hackers to steal users’ funds, while the deep pools of liquidity have allowed criminals to launder proceeds of crime such as ransomware and fraud,” the Elliptic report stated. “This is part of a broader trend in the exploitation of decentralized technologies for illicit purposes, which Elliptic refers to as DeCrime.”