The recent hack of MonoX Finance, which resulted in the theft of USD 31 million, once again highlights the lack of security in DeFi protocols. To back up this latest case with more evidence, let’s look at the facts from a report on fraud and theft in DeFi by data analytics firm Elliptic, covering the period from 2020. According to the research, USD 12 billion was taken from the DeFi space from 2020 to November 18, 2021, with USD 10.5 billion of that attributed to the eleven months of 2021.
These figures mostly reflect DeFi’s growth, and they send a strong message to all of its participants and to the communities of the various DeFi protocols about the necessity of security in decentralized finance. We believe security will be the industry’s largest stumbling block in the future, because without it DeFi will not be able to become a viable alternative to centralized finance.
The MonoX swap attack was legendary
MonoX is a decentralized exchange (DEX) that enables traders and merchants to create liquidity on the Ethereum and Polygon blockchains. Because its code complexity is higher than that of DeFi protocols that can be implemented on a single blockchain, this type of DeFi protocol has been determined to be the most vulnerable to cyber-attacks. However, the flaw that cost MonoX Finance its funds is a really simple one.
The fraudsters took advantage of a loophole that enabled them to use MonoX Finance’s native MONO token as both the base and the quote asset in a single swap operation. As a result, they were able to increase the value of MONO without providing any actual liquidity. They then started to exchange their MONO for assets like WETH, LINK, MIM, DUCK, and GHST, draining the liquidity.
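The following is an added example, not MonoX's contract code: a toy Python model of an exchange that stores one price per token, showing how a swap with the same token on both sides can only push the stored price up, next to a hardened variant that rejects such swaps. The pricing formulas, the names `Dex`, `Pool`, `self_swap_price` and `sample_dex`, and the sample balances are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Pool:
    balance: float   # tokens held by the pool
    price: float     # stored price in a common unit of account

@dataclass
class Dex:
    """Toy single-token-pool exchange (constructed model, not MonoX's code)."""
    pools: dict = field(default_factory=dict)
    reject_same_token: bool = False  # True = hardened variant

    def swap(self, token_in: str, token_out: str, amount_in: float) -> float:
        if self.reject_same_token and token_in == token_out:
            raise ValueError("token_in and token_out must differ")
        p_in, p_out = self.pools[token_in], self.pools[token_out]
        amount_out = amount_in * p_in.price / p_out.price
        if amount_out >= p_out.balance:
            raise ValueError("insufficient liquidity")
        # Both new prices are derived from the pre-swap state.
        new_in_price = p_in.price * p_in.balance / (p_in.balance + amount_in)
        new_out_price = p_out.price * p_out.balance / (p_out.balance - amount_out)
        p_in.balance += amount_in
        p_in.price = new_in_price      # selling pushes the price down
        p_out.balance -= amount_out
        p_out.price = new_out_price    # buying pushes the price up
        # If p_in is p_out, the second write wins: the price only rises
        # while the balance nets out to no change.
        return amount_out

def self_swap_price(dex: Dex, token: str, amount: float, rounds: int) -> float:
    """Regression check: price of `token` after repeated token->token swaps."""
    for _ in range(rounds):
        dex.swap(token, token, amount)
    return dex.pools[token].price

def sample_dex(hardened: bool) -> Dex:
    # Constructed sample state; balances and prices are made up.
    return Dex({"MONO": Pool(1000.0, 1.0), "WETH": Pool(100.0, 10.0)}, hardened)

if __name__ == "__main__":
    print(self_swap_price(sample_dex(False), "MONO", 500.0, 3))  # inflated
    try:
        self_swap_price(sample_dex(True), "MONO", 500.0, 3)
    except ValueError as exc:
        print("rejected:", exc)
```

A check like `self_swap_price` belongs in the developers' own test suite as an invariant: a swap that adds no liquidity must never raise a token's stored price.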
However, MonoX Finance had been audited by Halborn and PeckShield, and the audit report detailed a long list of concerns. This is symptomatic of the poor quality of the project’s code base, which makes it much harder to avoid overlooking one or more bugs. As a result, it is not just a failure on the part of the auditors to uncover a serious attack vector, but also a failure on the part of the developers to deliver easy-to-read smart contract code.
To gain the trust of the community, a genuine DeFi project must take steps to ensure that there will be no rug pulls, that is, funds being taken from the venture. The first step in this direction may be to decentralize ownership of a smart contract among several team members. This means that for changes or instructions to be carried out in a smart contract, they need approval from several private keys.
- As the cryptocurrency market evolves at a breakneck pace, so do the tactics used by criminals and hackers to steal tokens and coins.
- Investors who are aware and prepared can preserve their digital assets by taking preventative steps.
In this context, I’d like to underline how critical it is for programmers to write code that is easy to understand. Also, before handing it over to the auditors, the developer team should do their own functional testing to ensure that each smart contract works as planned.
Andrew is a blockchain developer who developed his interest in cryptocurrencies while pursuing his post-graduation major in blockchain development. He is a keen observer of details and shares his passion for writing, along with coding. His backend knowledge about blockchain helps him give a unique perspective to his writing skills, and a reliable craft at explaining the concepts such as blockchain programming, languages and token minting. He also frequently shares technical details and performance indicators of ICOs and IDOs.