2021-12-03

This week, more than $150 million was lost in security breaches at the DeFi projects MonoX and BadgerDAO.

Multi-chain decentralized exchange (DEX) MonoX (MONO) suffered a cyberattack on November 30 that caused losses of $31 million. BadgerDAO (BADGER) suffered an attack that was discovered on December 2, and the losses are estimated to have amounted to more than $120 million.

The MonoX DEX platform suffered a single attack on November 30. In this attack, a flaw in the smart contract allowed a discrepancy to arise between asset prices when those prices were changed manually.

Rekt News explained that hackers were able to inflate MONO’s price through the smart contract, then buy other protocol assets with MONO.

“The hacker created a loop in which the tokenOut price would overwrite the tokenIn price, driving the MONO price up over the course of many swaps.”

The MonoX team confirmed this in a tweet on November 30. In a postmortem published on December 2, total losses were confirmed at about USD 31 million. The team added:

“Days like yesterday are horrible, you don’t have to sugarcoat the harsh reality of an exploited contract and people losing money. Our fans put their faith in a new project like us, and yesterday we disappointed them.”

MONO was listed on Huobi just five days before the MonoX hack.
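The pricing flaw described above, modelled as an added Python example (constructed here, not MonoX's contract code): a pool that stores one price per token and, after each swap, rewrites tokenIn's price and then tokenOut's price. The 1% price impact, the token names and the starting prices are assumptions; what matters is the write order, which lets a swap of a token for itself leave only the increase in place, and the hardened variant's check that tokenIn and tokenOut differ.

```python
from dataclasses import dataclass

# Constructed model, not MonoX's contract code. PRICE_IMPACT stands in for the
# real pricing curve: selling a token lowers its stored price by 1%, buying it
# raises the stored price by 1%.
PRICE_IMPACT = 0.01


@dataclass
class Pool:
    prices: dict            # token symbol -> stored price (assumed unit of account)
    hardened: bool = False  # True: refuse swaps where tokenIn == tokenOut

    def swap(self, token_in: str, amount_in: float, token_out: str) -> float:
        """Quote amount_out at the stored prices, then update both prices."""
        if self.hardened and token_in == token_out:
            raise ValueError("swap: tokenIn and tokenOut must be different tokens")
        amount_out = amount_in * self.prices[token_in] / self.prices[token_out]
        new_in = self.prices[token_in] * (1 - PRICE_IMPACT)
        new_out = self.prices[token_out] * (1 + PRICE_IMPACT)
        # Two separate writes. When token_in == token_out the second write
        # discards the decrease and only the increase survives.
        self.prices[token_in] = new_in
        self.prices[token_out] = new_out
        return amount_out


def new_pool(hardened: bool = False) -> Pool:
    # Constructed starting state: MONO and USDC both priced at 1.0.
    return Pool({"MONO": 1.0, "USDC": 1.0}, hardened=hardened)


def same_token_swap_drift(n: int) -> float:
    """Ratio of MONO's stored price after n MONO->MONO swaps on the unhardened
    pool to its starting price. Each swap hands back exactly amount_in, so it is
    economically a no-op; the stored price still compounds by PRICE_IMPACT per swap."""
    pool = new_pool()
    start = pool.prices["MONO"]
    for _ in range(n):
        returned = pool.swap("MONO", 1.0, "MONO")
        assert returned == 1.0, "a same-token swap returns exactly what was put in"
    return pool.prices["MONO"] / start


def same_token_swap_rejected() -> bool:
    """The hardened pool refuses the same-token swap before touching any price."""
    pool = new_pool(hardened=True)
    try:
        pool.swap("MONO", 1.0, "MONO")
    except ValueError:
        return pool.prices["MONO"] == 1.0
    return False


def two_token_swap_prices() -> tuple:
    """A normal MONO->USDC swap on the hardened pool still moves both prices."""
    pool = new_pool(hardened=True)
    pool.swap("MONO", 1.0, "USDC")
    return pool.prices["MONO"], pool.prices["USDC"]


if __name__ == "__main__":
    print(f"MONO stored price after 10 no-op swaps: x{same_token_swap_drift(10):.4f}")
    print("hardened pool rejects same-token swap:", same_token_swap_rejected())
    print("hardened MONO->USDC swap leaves prices:", two_token_swap_prices())
```

The invariant worth testing in any pool of this shape is the one the unhardened model violates: a swap that returns exactly what was deposited must not move any stored price. Rejecting tokenIn == tokenOut is the smallest fix; computing both updates and applying them in one write per distinct token is the more general one.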

The Badger security breach was an ongoing threat to users interacting with the Badger DAO platform rather than a single major exploit.

Beginning on November 27, Discord users started reporting unusual spending requests from the Badger platform, alerting administrators on social media and Discord.

The administrator Blackbear replied that the request was unusual, but likely caused by a benign bug in the front-end user interface (UI).

So someone on the $BADGER discord flagged the Increase Allowance exploit on the Badger UI a few days ago. Sadly, the team brushed it aside. If your users are saying they’re being requested to do things on your platform that seem odd, PLEASE take it seriously. https://t.co/WUYMhU9viz pic.twitter.com/S7VaqJ2DEr – 0xMoves (@0xMoves) December 2, 2021

A few days ago, someone on BADGER’s Discord pointed out the vulnerability in the Badger UI. Unfortunately, the team ignored it. If your users say they are being asked to do things on your platform that seem weird, PLEASE take it seriously.

The supposed UI glitch turned out to be the attacker attempting to steal funds from that user’s withdrawal by inducing them to approve the unusual spending request. The same tactic was used against random users for days, or even weeks, before it was recognized as a security breach.

At the time of writing, losses from the Badger attack amounted to more than $120 million, including 2,078.76 BTC, 30.27 ibBTC and 151.32 ETH, according to blockchain analytics firm PeckShield. Badger’s team has been investigating the problem and has paused all smart contracts in the protocol to avoid further losses.
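The Badger incident hinged on users being asked to sign an allowance request they did not expect. As an added Python example (constructed here; neither Badger's front end nor its contracts), this models the ERC-20 allowance mechanism and a client-side review step that refuses to sign approve/increaseAllowance requests whose spender is not a known protocol contract or whose amount is unlimited. The addresses, balances and the known-spender list are placeholders.

```python
from dataclasses import dataclass, field

UNLIMITED = 2**256 - 1  # the "max uint256" allowance many UIs request by default

# Constructed placeholder list of contracts the protocol is expected to ask for;
# a real deployment would pin its actual vault/router addresses here.
KNOWN_SPENDERS = {
    "0xVAULT_PLACEHOLDER": "protocol vault (placeholder)",
}


@dataclass
class Erc20:
    """Minimal ERC-20 ledger: balances plus (owner, spender) -> allowance."""
    balances: dict
    allowances: dict = field(default_factory=dict)

    def approve(self, owner: str, spender: str, amount: int) -> None:
        self.allowances[(owner, spender)] = amount

    def increase_allowance(self, owner: str, spender: str, added: int) -> None:
        key = (owner, spender)
        self.allowances[key] = self.allowances.get(key, 0) + added

    def transfer_from(self, spender: str, owner: str, to: str, amount: int) -> bool:
        """Spender moves owner's tokens; succeeds only within the granted allowance."""
        allowed = self.allowances.get((owner, spender), 0)
        if amount > allowed or amount > self.balances.get(owner, 0):
            return False
        if allowed != UNLIMITED:  # an unlimited allowance is never consumed
            self.allowances[(owner, spender)] = allowed - amount
        self.balances[owner] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount
        return True


def review_approval_request(spender: str, amount: int, known=KNOWN_SPENDERS) -> list:
    """Reasons to refuse signing; an empty list means the request looks expected."""
    reasons = []
    if spender not in known:
        reasons.append(f"spender {spender} is not a known protocol contract")
    if amount == UNLIMITED:
        reasons.append("request asks for an unlimited allowance")
    return reasons


def exposure_if_signed(spender: str, amount: int, guarded: bool = True) -> int:
    """How much of a constructed 1000-token balance the spender could move after
    the owner signs the request. With guarded=True the review step runs first
    and a refused request exposes nothing."""
    token = Erc20(balances={"owner": 1000})
    if guarded and review_approval_request(spender, amount):
        return 0
    token.increase_allowance("owner", spender, amount)
    moved = 0
    # The spender pulls in chunks of 100 until the allowance or balance runs out.
    while token.transfer_from(spender, "owner", spender, 100):
        moved += 100
    return moved


if __name__ == "__main__":
    for spender, amount in [("0xVAULT_PLACEHOLDER", 250), ("0xUNKNOWN_PLACEHOLDER", UNLIMITED)]:
        print(spender, amount if amount != UNLIMITED else "UNLIMITED",
              "-> refuse reasons:", review_approval_request(spender, amount),
              "| exposure guarded/unguarded:",
              exposure_if_signed(spender, amount), exposure_if_signed(spender, amount, guarded=False))
```

The review step belongs wherever the request is surfaced to the user, in the wallet or a UI layer the front end cannot alter, because the Badger case shows the front end itself was the thing presenting the unexpected request. Bounding the amount to what the transaction actually needs limits the damage even when the spender check is bypassed.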

