Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Thursday December 02, @02:54PM   Printer-friendly [Skip to comment(s)]
from the a-few-bugs-still-need-ironing-out dept.

Really stupid "smart contract" bug let hackers steal $31 million in digital coin:

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts.

The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. "Project owners can list their tokens without the burden of capital requirements and focus on using funds for building the project instead of providing liquidity," MonoX company representatives say here. "It works by grouping deposited tokens into a virtual pair with vCASH, to offer a single token pool design."

An accounting error built into the company's software let an attacker inflate the price of the MONO token and to then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol.

Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn—that is, the token sent by the user—decreases and the price of tokenOut—or the token received by the user—increases.

By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains.


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 5, Informative) by bart9h on Thursday December 02, @03:51PM (6 children)

    by bart9h (767) on Thursday December 02, @03:51PM (#1201531)

    You what else is really stupid?

    Wasting tons of energy and precious resources for nothing. Cryptomining is a crime against the planet (and, as a consequence, against humanity).

    • (Score: 0) by Anonymous Coward on Thursday December 02, @07:25PM (5 children)

      by Anonymous Coward on Thursday December 02, @07:25PM (#1201601)

      You'll get really mad the day you realize digging a huge hole to take gold out of the ground then moving that gold to another huge hole surrounded by concrete, steel and guards isn't free either. Also if it were for nothing people wouldn't trade money for it, they do so they value it, even if you believe they're criminals for consuming 1% more energy.

      • (Score: 5, Informative) by Thexalon on Thursday December 02, @10:00PM (2 children)

        by Thexalon (636) on Thursday December 02, @10:00PM (#1201655)

        You'll get really mad the day you realize digging a huge hole to take gold out of the ground then moving that gold to another huge hole surrounded by concrete, steel and guards isn't free either.

        Of course they don't, but nobody does that when there's the far easier option that looks something like:

        BEGIN TRANSACTION;
        INSERT INTO transaction_log (from_routing_number, from_account_number, to_routing_number, to_account_number, amount, timestamp) VALUES (...);
        UPDATE accounts SET amount=amount-'...' WHERE routing_number=... AND account_number = ...;
        UPDATE accounts SET amount=amount+'...' WHERE routing_number=... AND account_number = ...;
        COMMIT;

        And you're going to say "But that kind of money doesn't have any inherent value!" Which is true: The only thing backing it is the enforced value of guys with guns who will come and explain things if you don't pay your taxes or steal something or refuse to accept it as payment.

        However, the only thing backing crypto is the Tom Sawyer principle of "If it's hard to obtain, it must be valuable". And the main sales pitch crypto advocates use to try to get people into it is "The people who got into it early are making a lot of money", which is the same pitch used to sell Dutch tulip bulbs. So I'm not impressed, at all.

        --
        The inverse of "I told you so" is "Nobody could have predicted"
        • (Score: 0) by Anonymous Coward on Friday December 03, @02:33AM (1 child)

          by Anonymous Coward on Friday December 03, @02:33AM (#1201716)

          So I'm not impressed, at all.

          Just to be clear - your reasoning is expressing that you're not impressed with currency at all.

          Which I agree with on most levels, but at the same time, it *has* lubricated some (business) aspects of society quite a bit, to the benefit of ... some.

          • (Score: 2) by Thexalon on Friday December 03, @03:55AM

            by Thexalon (636) on Friday December 03, @03:55AM (#1201730)

            Just to be clear - your reasoning is expressing that you're not impressed with currency at all.

            Crypto fulfills none of the roles of currency:
            - It isn't operating as a medium of exchange, because most people don't accept it for most transactions.
            - It isn't operating as a store of value, because its exchange value for both other currencies and real goods fluctuates by far too much.
            - Because of the last two points, it isn't operating as a measurement of value, because again the price in those currencies changes too fast for all goods and services.

            --
            The inverse of "I told you so" is "Nobody could have predicted"
      • (Score: 0) by Anonymous Coward on Thursday December 02, @10:47PM (1 child)

        by Anonymous Coward on Thursday December 02, @10:47PM (#1201672)

        At least with gold, some of it is shaped into jewelry that can be given to women to increase the odds she will mate with you. Silver can be pounded and polished into a mirror, so she can see how nice the gold looks on her, which increases the odds she will mate with you.

        But hey, maybe a digital wallet on a USB stick will do the same with the younger, more hip chicks. Not like I would know.

        • (Score: 2) by istartedi on Friday December 03, @01:13AM

          by istartedi (123) on Friday December 03, @01:13AM (#1201701) Journal

          Or another way of putting this is that silver and gold both have some industrial use apart from their financial use. Silver is an excellent conductor and is apparently used in solar arrays. Gold's conductance and resistance to corrosion make it useful for electrical contacts. Last time I checked, they both had decent double-digit percentages for "industrial use", whereas it's impossible to put a crypto "coin" to any kind of real world use.

  • (Score: 0) by Anonymous Coward on Thursday December 02, @07:06PM

    by Anonymous Coward on Thursday December 02, @07:06PM (#1201594)

    HAAAAHHAAAHAAAHAAAHAA HAH...
    Oh wow, I needed some idiots to laugh at today...

  • (Score: 1) by davidjohnpaul on Thursday December 02, @10:08PM (1 child)

    by davidjohnpaul (5377) Subscriber Badge on Thursday December 02, @10:08PM (#1201656) Homepage

    The MonoX platform did exactly what the smart contract specified. Why should the "hackers" know this is not what MonoX intended?

    • (Score: 2, Insightful) by Anonymous Coward on Thursday December 02, @10:50PM

      by Anonymous Coward on Thursday December 02, @10:50PM (#1201673)

      Indeed, this is not a hack. This is profitable noticing.

(1)