MonoSwap, which describes itself as a “Blast native liquidity space” introduced through its X account that it has been hacked.
The submit saying the hack particulars how a developer for MonoSwap “installed a phishing app to join a call with scammers who pretended to be a VC. The attackers installed the botnet into his office PC, which has access to all MonoSwap-related wallets and contracts.”
It additionally notes that “the hackers then withdrew most of the staked liquidity positions, causing damage to the protocol.”
The unique submit included a hyperlink to the hacker’s web site, however this was eliminated after Protos reached out to ask, “Do you suppose it was prudent to offer a hyperlink to the hacker’s web site in your announcement submit?“
ALERT: MonoSwap has been hacked. DO NOT add liquidity or stake in our farming swimming pools for the time being.
In case you have any staked positions, please withdraw instantly to keep away from funds loss.
Yesterday, one among our builders put in a phishing app to affix a name with scammers who…
— MonoSwap (@monoswapio) July 24, 2024
Learn extra: Blast L2-based lending platform makes pricey error, liquidating customers for $26M
MonoSwap’s documentation has a web page labeled ‘Security Measures’ which claims “MonoSwap’s expertly crafted smart contracts are developed by seasoned professionals with a deep understanding of the industry. We prioritize the safety and optimization of your investments by incorporating a robust set of features and security measures.”
Moreover, it has a web page labeled ‘Audits’ which optimistically claims “Coming soon,” although the web page additionally says “Last updated 6 months ago.”
The protocol has further immaturities, together with describing its wrapped token, xMONO, as a governance token, even though, so far as Protos has been capable of decide, there isn’t any voting mechanism to at the moment use these governance tokens for governance.
Protos has reached out to MonoSwap for clarification on the standing of the protocol audits, why one government had entry to all of those mission vital assets on their laptop, and what the usage of the governance token is. At press we now have not acquired a response.
Information from DefiLlama exhibits the ‘Total Value Locked’ for this protocol dropping from roughly $1.5 million to $200,000 in the present day.
Obtained a tip? Ship us an electronic mail or ProtonMail. For extra knowledgeable information, comply with us on X, Instagram, Bluesky, and Google Information, or subscribe to our YouTube channel.