SoylentNews is people

posted by janrinok on Thursday December 02 2021, @02:54PM   Printer-friendly
from the a-few-bugs-still-need-ironing-out dept.

Really stupid "smart contract" bug let hackers steal $31 million in digital coin:

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts.

The company uses a decentralized finance protocol known as MonoX that lets users trade digital currency tokens without some of the requirements of traditional exchanges. "Project owners can list their tokens without the burden of capital requirements and focus on using funds for building the project instead of providing liquidity," MonoX company representatives say here. "It works by grouping deposited tokens into a virtual pair with vCASH, to offer a single token pool design."

An accounting error built into the company's software let an attacker inflate the price of the MONO token and then use it to cash out all the other deposited tokens, MonoX Finance revealed in a post. The haul amounted to $31 million worth of tokens on the Ethereum or Polygon blockchains, both of which are supported by the MonoX protocol.

Specifically, the hack used the same token as both the tokenIn and tokenOut, which are methods for exchanging the value of one token for another. MonoX updates prices after each swap by calculating new prices for both tokens. When the swap is completed, the price of tokenIn—that is, the token sent by the user—decreases and the price of tokenOut—or the token received by the user—increases.

By using the same token for both tokenIn and tokenOut, the hacker greatly inflated the price of the MONO token because the updating of the tokenOut overwrote the price update of the tokenIn. The hacker then exchanged the token for $31 million worth of tokens on the Ethereum and Polygon blockchains.
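
The overwrite described above can be reproduced in a small model. This is an added example, not MonoX's contract code: the pool layout, the price formulas, the `TOKEN_B` token and all function names are assumptions chosen only to show the order-of-writes flaw next to the input check that prevents it.

```python
from dataclasses import dataclass
from fractions import Fraction

@dataclass
class Pool:
    """Constructed toy pool: per-token price (in a virtual cash unit) and reserve."""
    price: dict
    reserve: dict

def _quote(pool, token_in, token_out, amount_in):
    # Both new prices are computed from the same pre-swap state.
    amount_out = amount_in * pool.price[token_in] / pool.price[token_out]
    r_in, r_out = pool.reserve[token_in], pool.reserve[token_out]
    new_in = pool.price[token_in] * r_in / (r_in + amount_in)       # token sent: price falls
    new_out = pool.price[token_out] * r_out / (r_out - amount_out)  # token received: price rises
    return amount_out, new_in, new_out

def swap_unchecked(pool, token_in, token_out, amount_in):
    amount_out, new_in, new_out = _quote(pool, token_in, token_out, amount_in)
    pool.reserve[token_in] += amount_in
    pool.reserve[token_out] -= amount_out
    pool.price[token_in] = new_in    # written first ...
    pool.price[token_out] = new_out  # ... and overwritten if both keys are the same token
    return amount_out

def swap_checked(pool, token_in, token_out, amount_in):
    # Hardened form: reject the degenerate pair before touching any state.
    if token_in == token_out:
        raise ValueError("tokenIn and tokenOut must be different tokens")
    return swap_unchecked(pool, token_in, token_out, amount_in)

def new_pool():
    one, k = Fraction(1), Fraction(1000)
    return Pool(price={"MONO": one, "TOKEN_B": one}, reserve={"MONO": k, "TOKEN_B": k})

def self_swap_price(rounds):
    """Price of MONO after `rounds` MONO->MONO swaps through the unchecked path."""
    pool = new_pool()
    for _ in range(rounds):
        swap_unchecked(pool, "MONO", "MONO", Fraction(100))
    return pool.price["MONO"]

if __name__ == "__main__":
    print("MONO price after 10 self-swaps:", float(self_swap_price(10)))
```

In this model each self-swap leaves the reserve unchanged while the price only ever moves up, which is the invariant violation a test suite or on-chain monitor should look for.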



This discussion has been archived. No new comments can be posted.
  • (Score: 5, Informative) by bart9h on Thursday December 02 2021, @03:51PM (6 children)

    by bart9h (767) on Thursday December 02 2021, @03:51PM (#1201531)

    You know what else is really stupid?

    Wasting tons of energy and precious resources for nothing. Cryptomining is a crime against the planet (and, as a consequence, against humanity).

    • (Score: 0) by Anonymous Coward on Thursday December 02 2021, @07:25PM (5 children)

      by Anonymous Coward on Thursday December 02 2021, @07:25PM (#1201601)

      You'll get really mad the day you realize digging a huge hole to take gold out of the ground then moving that gold to another huge hole surrounded by concrete, steel and guards isn't free either. Also if it were for nothing people wouldn't trade money for it, they do so they value it, even if you believe they're criminals for consuming 1% more energy.

      • (Score: 5, Informative) by Thexalon on Thursday December 02 2021, @10:00PM (2 children)

        by Thexalon (636) on Thursday December 02 2021, @10:00PM (#1201655)

        You'll get really mad the day you realize digging a huge hole to take gold out of the ground then moving that gold to another huge hole surrounded by concrete, steel and guards isn't free either.

        Of course they don't, but nobody does that when there's the far easier option that looks something like:

        BEGIN TRANSACTION;
        INSERT INTO transaction_log (from_routing_number, from_account_number, to_routing_number, to_account_number, amount, timestamp) VALUES (...);
        UPDATE accounts SET amount=amount-'...' WHERE routing_number=... AND account_number = ...;
        UPDATE accounts SET amount=amount+'...' WHERE routing_number=... AND account_number = ...;
        COMMIT;

        And you're going to say "But that kind of money doesn't have any inherent value!" Which is true: The only thing backing it is the enforced value of guys with guns who will come and explain things if you don't pay your taxes or steal something or refuse to accept it as payment.

        However, the only thing backing crypto is the Tom Sawyer principle of "If it's hard to obtain, it must be valuable". And the main sales pitch crypto advocates use to try to get people into it is "The people who got into it early are making a lot of money", which is the same pitch used to sell Dutch tulip bulbs. So I'm not impressed, at all.

        --
        The only thing that stops a bad guy with a compiler is a good guy with a compiler.
        • (Score: 0) by Anonymous Coward on Friday December 03 2021, @02:33AM (1 child)

          by Anonymous Coward on Friday December 03 2021, @02:33AM (#1201716)

          So I'm not impressed, at all.

          Just to be clear - your reasoning is expressing that you're not impressed with currency at all.

          Which I agree with on most levels, but at the same time, it *has* lubricated some (business) aspects of society quite a bit, to the benefit of ... some.

          • (Score: 2) by Thexalon on Friday December 03 2021, @03:55AM

            by Thexalon (636) on Friday December 03 2021, @03:55AM (#1201730)

            Just to be clear - your reasoning is expressing that you're not impressed with currency at all.

            Crypto fulfills none of the roles of currency:
            - It isn't operating as a medium of exchange, because most people don't accept it for most transactions.
            - It isn't operating as a store of value, because its exchange value for both other currencies and real goods fluctuates by far too much.
            - Because of the last two points, it isn't operating as a measurement of value, because again the price in those currencies changes too fast for all goods and services.

            --
            The only thing that stops a bad guy with a compiler is a good guy with a compiler.
      • (Score: 0) by Anonymous Coward on Thursday December 02 2021, @10:47PM (1 child)

        by Anonymous Coward on Thursday December 02 2021, @10:47PM (#1201672)

        At least with gold, some of it is shaped into jewelry that can be given to women to increase the odds she will mate with you. Silver can be pounded and polished into a mirror, so she can see how nice the gold looks on her, which increases the odds she will mate with you.

        But hey, maybe a digital wallet on a USB stick will do the same with the younger, more hip chicks. Not like I would know.

        • (Score: 2) by istartedi on Friday December 03 2021, @01:13AM

          by istartedi (123) on Friday December 03 2021, @01:13AM (#1201701) Journal

          Or another way of putting this is that silver and gold both have some industrial use apart from their financial use. Silver is an excellent conductor and is apparently used in solar arrays. Gold's conductance and resistance to corrosion make it useful for electrical contacts. Last time I checked, they both had decent double-digit percentages for "industrial use", whereas it's impossible to put a crypto "coin" to any kind of real world use.

          --
          Appended to the end of comments you post. Max: 120 chars.
  • (Score: 0) by Anonymous Coward on Thursday December 02 2021, @07:06PM

    by Anonymous Coward on Thursday December 02 2021, @07:06PM (#1201594)

    HAAAAHHAAAHAAAHAAAHAA HAH...
    Oh wow, I needed some idiots to laugh at today...

  • (Score: 1) by davidjohnpaul on Thursday December 02 2021, @10:08PM (1 child)

    by davidjohnpaul (5377) on Thursday December 02 2021, @10:08PM (#1201656) Homepage

    The MonoX platform did exactly what the smart contract specified. Why should the "hackers" know this is not what MonoX intended?

    • (Score: 2, Insightful) by Anonymous Coward on Thursday December 02 2021, @10:50PM

      by Anonymous Coward on Thursday December 02 2021, @10:50PM (#1201673)

      Indeed, this is not a hack. This is profitable noticing.
