Blockchain startup MonoXFinance said Wednesday that hackers have managed to steal $31 million due to a bug in the software used to draft smart contracts. The company uses a decentralized approach called MonoX
A MonoX company representative said: “Project owners can list their tokens without the burden of capital requirements and focus on using funds to build projects rather than providing liquidity. It works by depositing tokens Coin and vCASH are combined into a virtual pair to provide a single token pool design”.
MonoX Finance revealed in a post that an accounting error in the company’s software allowed attackers to inflate the price of MONO tokens, which were then used to cash out all other deposited tokens. The transaction is equivalent to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are backed by the MonoX protocol.
Specifically, the hackers used the same token as tokenIn and tokenOut, which is a way of exchanging the value of one token for another. MonoX updates the price after each swap by calculating the new price of both tokens. When the exchange is completed, the price of tokenIn -- the tokens sent by the user -- decreases, and the price of tokenOut -- or the tokens received by the user -- increases.
By using the same token in both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token, as the update of tokenOut overridden the price update of tokenIn. The hackers then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains.