Decentralized Exchange MM.Finance Suffers $2M Exploit

MM.Finance has said that it will compensate and reimburse impacted users.

(Shutterstock)

The largest decentralized exchange on Cronos, MM.Finance, has suffered a front-end exploit that allowed hackers to siphon out more than $2 million in CRO tokens from users.

  • The attack occurred due to a Domain Name System (DNS) vulnerability, with the perpetrator proceeding to insert a malicious contract address that would divert funds to their own private wallet.
  • The stolen funds were sent to Tornado Cash, a privacy protocol on Ethereum, before moving to OKX, according to a series of tweets from MM.Finance.
  • MM.Finance has given the attacker 48 hours to return 90% of the stolen funds, stating that it will contact the FBI if the deadline isn't met.
  • "We have collated the addresses that have lost funds during the attack earlier via the data onchain. Over $2,000,000 will be compensated and reimbursed," the company wrote in a tweet on Thursday morning.
  • According to data from DeFi Llama, liquidity remains in a strong position with $804 million in total value locked (TVL).
STAR Report Image

Stablecoin market cap fell to $312B in June, its largest monthly drop since TerraUSD, while tokenized equity volumes surged 145% to a record $3.86B.

Why it matters:

Stablecoin market cap fell to $312B in June, its largest monthly drop since TerraUSD, while tokenized equity volumes surged 145% to a record $3.86B.