Decentralized Exchange MM.Finance Suffers $2M Exploit

Oliver Knight

The largest decentralized exchange on Cronos, MM.Finance, has suffered a front-end exploit that allowed hackers to siphon out more than $2 million in CRO tokens from users.

  • The attack occurred due to a DNS vulnerability, after which the perpetrator inserted a malicious contract address that would divert funds to their own private wallet.

  • The stolen funds were sent to Tornado Cash, a privacy protocol on Ethereum, before moving to OKX, according to a series of tweets from MM.Finance.

  • MM.Finance has given the attacker 48 hours to return 90% of the stolen funds, stating that it will contact the FBI if the deadline isn't met.

  • "We have collated the addresses that have lost funds during the attack earlier via the data onchain. Over $2,000,000 will be compensated and reimbursed," the company wrote in a tweet on Thursday morning.

  • According to data from DeFi Llama, liquidity remains in a strong position with $804 million in total value locked (TVL).

