The Dangers of DEFI: MonoX and BadgerDAO Hacks

DEFI is a great tool in the banking and finance world; after all, it takes power from the centralized banks and big corporations and puts control back in the hands of those that matter — the people. But there is one problem: the DEFI world isn’t always safe.

In 2021, there have been numerous hacks and scams in the DEFI world. Last week’s hacks of the MonoX and BadgerDAO exchanges are simply the next in a long line of losses experienced by DEFI exchanges as a result of poor security protocols.

Starting to get a little scared? Don’t panic too much, as there are some safe ways to invest in the DEFI world. Keep reading to learn about the most recent exchange hacks and what you can do to keep your money safe.

The MonoX Hack

The MonoX Exchange is a decentralized cryptocurrency exchange which allows users to put up cryptocurrency in order to get loans in other forms of cryptocurrency. These loans are most often in the form of Ethereum or Polygon, and the cryptocurrency put up for loans is usually the native currency of the exchange, a coin called MONO.

On Tuesday, November 30th, 2021, a hacker found a vulnerability, or a bug, in the MonoX code that allowed the hacker to manually change the price of the MONO cryptocurrency. After the prices were inflated, the hacker then used his MONO to purchase a bunch of other assets on the exchange.

While this may sound like an easy hack, it actually took quite a few swaps for the hacker to inflate the price of MONO (it wasn’t as easy as simply typing in a new value). But it was worthwhile for the hacker, as he ended up robbing the exchange of the equivalent of $31 million in assets. $18.2 million of this was in Wrapped Ethereum (WETH) and $10.5 million was in Polygon (MATIC). The remaining funds stolen were a mix of WBTC, LINK, GHST, MIM, IMX, and DUCK.

The MonoX team discovered the hack quite quickly, but not quickly enough to stop the theft of the funds. They have since come out on Twitter to apologize to their users and promise to return the stolen funds as soon as possible.

The BadgerDAO Hack

BadgerDAO, unlike MonoX, isn’t just an exchange; rather, it is a system used to build DEFI projects such as exchanges and other financial products. It is community led, which keeps it decentralized and allows holders of the coin to vote on the future of the project.

On Thursday, December 2nd, 2021, just two days after the devastating MonoX hack, the creators of BadgerDAO reported a hack of their own. This was a front-end attack, but the damage was real, costing the exchange over $120 million in losses.

This attack, although discovered on December 2nd, had actually been going on for weeks, and it involved a hacker, or team of hackers, sending spend requests to users from the platform itself. Users reported these to the admin via the BadgerDAO Discord channel.

At first, the admins dismissed the alerts, assuming it was a benign bug. In reality, a hacker was stealing funds from user withdrawals. And this wasn’t just a one-day thing. Analysts estimate that the hacker behind this attack was able to get away with over 2000 BTC, 30 ibBTC, and 151 ETH over the course of the hack. Because of how high these numbers are, and the implications for BadgerDAO, the protocol for the platform has currently been paused, meaning no smart contracts can execute, until they are able to stop this malicious hack.

How to Stay Safe in the DEFI World

As you can see, hacks in the DEFI world are no laughing matter. Some platforms never recover from the hacks they experience. And in the above stories, it is likely that BadgerDAO will never be able to recover all of the stolen funds.

The reality is, there will always be a risk to investing money using DEFI products. But following the tips below will help you stay safer in the DEFI world as you invest.

1. Never Store Your Money on an Exchange

Exchanges are often subject to hacks and security breaches, and if your money is just sitting there, it is ripe for the taking. You should always take the time to back up your cryptocurrencies to a hardware wallet or a secure software wallet where the funds are stored offline and not able to be taken in a hack.

2. Diversify

Part of the DEFI world includes investment products like liquidity pools and yield farming that require keeping your money on an exchange like SushiSwap or PancakeSwap. In these cases, it is best to diversify your funds rather than putting them all on one exchange; this way, if the exchange is hacked, you will still have funds elsewhere.

3. Do Your Research

This tip cannot be emphasized enough. Besides the dangers of hacks in the DEFI world, there are also many fake products out there. Because of platforms like BadgerDAO, anyone, and everyone, can make an alt coin or an exchange. Just because something is new doesn’t mean it is safe. Take a look at what happened with the Squid Games token to remind yourself that it doesn’t take much for a platform to disappear with all your money.

This is why it is always recommended that you research before you put your money on any platform. This includes exchanges. If anything seems fishy, or slightly off, DO NOT put your hard-earned money on the platform. It is better to go with a well-known platform that offers less return than to take a big risk of your money getting stolen for a big return on a platform you don’t know well.

Overall, this is likely not the last the world will hear about hacks in the DEFI world, as they are becoming more common as people put more money onto these platforms. This is why you need to work today to take all the precautions you can as you place and exchange money in the decentralized finance realm.

This article was brought to you by the Bitcoin Gambling on MintDice. Originally posted to MintDice’s Crypto Blog.
