Explained: The MonoSwap Hack (July 2024)

In July 2024, MonoSwap suffered a $1.3 million hack. The attackers used malware as part of a social engineering attack to steal private keys and control over the project’s smart contracts.

Inside the Attack

The MonoSwap attack was performed by scammers that were masquerading as venture capitalists expressing interest in investing in the project. As part of this, the MonoSwap team and the alleged VCs scheduled a call to discuss the potential opportunity.

To join the call, the MonoSwap team was instructed to use a video conferencing application named Kakao. One of the MonoSwap developers installed this application on their office computer to join the call.

However, this application was actually infostealer malware that collected private keys from the developer’s computer. Since this developer had full access to the project’s wallets and smart contracts, this allowed the attacker to take control of these as well.

With this access, the attacker was able to drain all of the staked liquidity positions within the protocol. In total, an estimated $1.3 million was stolen from the protocol and its users.

After discovering the hack, the MonoSwap team warned users not to add any liquidity or stake to its pools. Additionally, users were advised to withdraw any staked positions that remained to prevent them from being stolen as well.

Lessons Learned from the Attack

The MonoSwap hack demonstrated the risks of centralized management of a DeFi project. A single developer had wide-reaching access within the protocol using private keys accessible to malware installed on the device. These keys also had the ability to drain users’ staked liquidity positions.

A more secure approach would be to both limit the powers of the team’s private keys and decentralize control over them. The team behind a DeFi project ideally shouldn’t have the ability to withdraw user funds as this creates an ideal situation for a rug pull or a hack.

Additionally, accounts with elevated privileges within the project should be implemented using multi-signature wallets that force an attacker to compromise multiple private keys to perform malicious transactions. 

In this situation, this may not have helped if all team members downloaded the malware; however, ensuring that at least one key was placed in cold storage would have done so. In this case, the developer key was apparently a hot wallet since it was accessible from the developer’s computer.

DeFi projects should implement robust security controls to protect themselves and their users against potential attacks. For assistance in securing your DeFi project, get in touch with Halborn.