The Ionic Money hack began as a social engineering attack in which the attackers masqueraded as members of the Lombard Finance team. Their goal was to trick Ionic Money into listing their fake LBTC token on its platform.

Once the counterfeit token was listed, the attackers minted 250 of their fake LBTC tokens and used them as collateral for loans on Ionic Money. This allowed them to borrow an estimated $8.6 million in real tokens from the project. Since the collateral they used was counterfeit tokens, they could abandon it, leaving Ionic Money and its users with nothing.

After the theft, the attackers used cross-chain bridges to transfer approximately $3.5 million of the stolen tokens to Ethereum. There, the tokens were laundered through Tornado Cash, making it infeasible to identify the stolen assets once the attackers withdrew them.

The MBTC and iBTC borrowed from Ionic Money were swapped to MBTC and used to borrow from Ironclad and Layerbank. Merlin announced that it would use a pre-exploit snapshot to minimize the effects of the incident on MBTC users. This harmed Layerbank and Ironclad since it left them holding worthless MBTC while the attacker kept what they had borrowed from the two protocols.

While this is Ionic’s first hack, the same isn’t true of the team behind the protocol. According to ZachXBT, Ionic is just a rebrand of the Midas Protocol. Midas was the victim of two hacks in 2023 both due to a failure to protect against known vulnerabilities with publicly-known workarounds.

The Ionic Money hack is a prime example of the potential power of a social engineering attack. The attacker began with 0.01 ETH and a fake LBTC contract that they deployed in January 2025. Once they tricked Ionic Money into accepting the fake contract as collateral for loans, they could mint as many tokens as they wanted to use to drain Ionic’s vaults.

This incident demonstrates the importance of having strong processes in place to validate third-party partners and projects before trusting them. The attackers’ ability to impersonate Lombard Finance was crucial to their ability to pull off this scam.