Hackers Steal Virtual Coins By Exploiting Software Bug

MonoX has confirmed a breach in which hackers squandered $31 million in virtual coins by exploiting a flaw in the company’s software used to create smart contracts.

According to MonoX finance, an accounting error gave access to hackers who inflate the price of the blockchain startup’s MONO token and then use it to pay out other deposited tokens.

On MonoX, tokens are exchanged using tokenIn (token sent by a user) and tokenOut (token received by a user). As soon as a token is exchanged, the price of tokenIn decreases while the price of tokenOut increases.

By using the same tokenIn and TokenOut, the attackers could inflate the price of the MONO token, since updating the tokenOut overwrote the price update of the tokenIn.

From there, they exchanged the token for $31 million worth of tokens for both Blockchains Ethereum and Polygon.

The company pointed out that the software conducting trade and is supposed to mark such actions suggests that an error has been exploited.

Blockchain researcher Igor Igamberdiev said the stolen tokens included $18.2 million in Wrapped Ethereum, $10.5 million in MATIC tokens and $2 million worth of WBTC. Others include Wrapped Bitcoin, Chainlink, Unit Protocol, Aavegotchi and Immutable X.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web