MonoX Finance was drained of $31M when an attacker exploited a price oracle vulnerability in its single-token pool design to inflate the MONO token price.
MonoX Finance used a single-token pool model where each asset was paired against the protocol's MONO token. The attacker exploited a flaw where swap calculations updated the MONO token price before completing the swap validation. By swapping MONO for other assets in the same transaction that inflated MONO's price, they could receive far more assets than input warranted, effectively draining the pools.
Stolen WETH, WBTC, LINK, UNI, and MATIC moved through multiple wallets. ETH converted via aggregators and sent through Tornado Cash. CertiK and PeckShield tracked fund flows on-chain. MonoX team published a post-mortem and launched a compensation program. No attacker identified, no funds recovered.
0x9f14d093a2349de08f02fc0fb09e9b6c5f1c0c6a2b3d4e5f6a7b8c9d0e1f2a3b