Two decentralized finance platforms BadgerDAO and MonoX had witnessed security breaches in two separate attacks in which hundreds of millions of dollars worth of cryptocurrency has been drained by the threat actors.
The threat security research unit of BadgerDAO Company discovered the attack on 2nd December wherein a malicious group has stolen $120 million, while MonoX lost $31 million to unknown attackers on November 30th.
As per the blockchain security and data analytics Peckshield organizations, which are working with BadgerDAO to investigate the further heist, the various tokens that have been stolen in the attack are worth more than $120 million, the researchers told in their findings.
As soon as the Badger got to know about the unauthorized transfers, it had stopped all smart contracts, essentially freezing its platform, and warned its clients to decline all transactions to the hackers’ addresses.
The company has reported that it has “retained data forensics experts Chainalysis to explore the full scale of the incident & authorities in both the US & Canada have been informed & Badger is cooperating fully with external investigations as well as proceeding with its own.”
On the other hand, MonoX has acknowledged the breach and explained in a blog post that the breach occurred after a group of hackers exploited a vulnerability in smart contract software; Smart contracts are digital contracts stored on a blockchain that is automatically executed when all terms and conditions are met.
It is being estimated that the group of hackers has managed to steal more than $ 30 million in funding, mostly MATIC and WETH. A “swap method was exploited and the price of the MONO token has risen to a new high”, the company reported.
“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same. In the case of the attack, it was our native MONO token. When a swap was taking place and tokenIn was the same as tokenOut, the transaction was permitted by the contract”, the company added.
Furthermore, as listed below, Igor Igamberdiev, an IT security researcher was able to break down the stolen tokens. He uploaded the list on his Twitter handle.
1. – 5.7M MATIC ($10.5M)
2. – 3.9k WETH ($18.2M)
3. – 36.1 WBTC ($2M)
4. – 1.2k LINK ($31k)
5. – 3.1k GHST ($9.1k)
6. – 5.1M DUCK ($257k)
7. – 4.1k MIM ($4.1k)
8. – 274 IMX ($2k)