Decentralized exchange and staking platform MonoSwap announced it had been the victim of a major hack and urged users to stop staking or deposit additional funds on the platform.
The platform also urged users to withdraw their funds from staked positions to avoid losing their funds.
The platform also identified a suspicious link in a social media post and urged users not to interact with it. It also shared details about how the hack occurred. According to MonoSwap, one of its developers accidentally installed a malicious phishing application and was lured into a call with scammers who pretended to be venture capitalists. During the call, the scammers were able to install malicious software on the developer’s computer.
“ALERT: MonoSwap has been hacked. DO NOT add liquidity or stake in our farming pools at the moment. If you have any staked positions, please withdraw immediately to avoid funds loss. Yesterday, one of our developers installed a phishing app to join a call with scammers who pretended to be a VC. The attackers installed the botnet into his office PC, which has access to all MonoSwap-related wallets and contracts. The hackers then withdrew most of the staked liquidity positions, causing damage to the protocol.”
The computer in question had access to MonoSwap’s wallets and contracts. With the malicious software installed on the laptop, the scammers were able to withdraw a significant chunk of the platform’s staked liquidity. MonoSwap stated it was investigating the incident and working to build a better future for the platform.
“We are investigating the attack right now and will soon announce the next moves. We were trying to work with VCs to build a better future for MonoSwap. However, unfortunate things happened, and now we are trying our best to resolve this issue.”
CoinGecko founder and Chief Operating Officer Bobby Ong warned about the worrying increase in crypto hacks and urged users to exercise caution when interacting with crypto or crypto-associated websites. According to Ong, the sudden spurt in crypto hacks is primarily due to Google selling its domain business to SquareSpace. Ong explained that the forced migration of domains removed two-factor authentication, creating security vulnerabilities that hackers were exploiting.
Onchain crypto investigator ZachXBT recently warned about Compound Finance, whose website was redirecting users to a malicious phishing page. The Compound Finance team has since fixed the issue. Another major hack was reported on July 18, when popular Indian cryptocurrency exchange WazirX was hacked, leading to a loss of $235 million. The most recent exploit is that of the dYdX v3 website, which fell victim to an apparent DNS attack.
Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
— CONTENT NOT MODERATED BY G6
