MonoX Finance Hack 2021 — $31M Exploit Analysis

MonoX Finance was drained of $31M when an attacker exploited a price oracle vulnerability in its single-token pool design to inflate the MONO token price.

Details

Full Description

MonoX Finance used a single-token pool model where each asset was paired against the protocol's MONO token. The attacker exploited a flaw where swap calculations updated the MONO token price before completing the swap validation. By swapping MONO for other assets in the same transaction that inflated MONO's price, they could receive far more assets than input warranted, effectively draining the pools.

Laundering Analysis

Stolen WETH, WBTC, LINK, UNI, and MATIC moved through multiple wallets. ETH converted via aggregators and sent through Tornado Cash. CertiK and PeckShield tracked fund flows on-chain. MonoX team published a post-mortem and launched a compensation program. No attacker identified, no funds recovered.

Sources

Transaction Hashes

Related Hacks

Back to Browse