05 May 2022 14:53, UTC.
Reading time: ~2 m
The largest decentralized exchange on Cronos, MM. Finance, encountered an external exploit that allowed hackers to steal more than $2 million worth of CRO tokens from users.
The attack occurred because of a DNS vulnerability, where an attacker proceeded to insert a malicious contract address that redirected funds to his personal wallet.
According to reports from MM.Finance, the stolen funds were sent to Tornado Cash, a privacy protocol on Ethereum, and then transferred to OKX.
MM. Finance gave the attacker 48 hours to return 90% of the stolen funds, saying it would contact the FBI if the deadline was not met.
“We have matched the addresses that lost funds during the attack earlier through online data. More than $2,000,000 will be compensated and reimbursed,” the company wrote Thursday morning.
According to DeFi Llama, liquidity remains in a strong position with a total blocked value (TVL) of $804 million.
#MMFinance #decentralized #exchange #hacked #million