Categories
DeFi Hackers

DeFi Project ‘MM.Finance’ Suffers $2 Million Exploit

MM.Finance, the largest DeFi exchange on Cronos, has lost US$2 million in a recent exploitation by hackers. A Domain Name System (DNS) vulnerability is believed to be responsible, with the stolen funds being sent to Tornado Cash:

As per its tweet, MM.Finance traced the perpetrator of the cyberattack back to OKX centralised exchange. The funds stolen in the frontend breach were bridged to Ethereum using Multichain and deposited into Tornado Cash. OKX requires users to go through a ‘know your customer’ procedure, therefore the attacker had to have used fake IDs when signing up for the exchange.

While MM.Finance intends to compensate the affected addresses, the exchange has said that if 90 percent of the funds are not returned to MM.Finance within 48 hours, it will contact the FBI:

DeFi Exploits Increasing

Early April saw DeFi lender Inverse Finance suffer a US$15.6 million exploitation. The decentralised Ethereum protocol was compromised by hackers targeting its money market through the artificial manipulation of its token prices.

And, only days ago, Rari Capital lost US$80 million to hackers following a Fei protocol exploit. The assets had been held in Fuse lending pools, apparently the fault of a reentrancy vulnerability.