November 29, 2022

MM.Finance has said that it will compensate and reimburse impacted users.

Source: Coindesk.com
Source: Coindesk.com

The largest decentralized exchange on Cronos, MM.Finance, has suffered a front-end exploit that allowed hackers to siphon out more than $2 million in CRO tokens from users.

The attack occurred due to a Domain Name System (DNS) vulnerability, with the perpetrator proceeding to insert a malicious contract address that would divert funds to their own private wallet.

The stolen funds were sent to Tornado Cash, a privacy protocol on Ethereum, before moving to OKX, according to a series of tweets from MM.Finance.

MM.Finance has given the attacker 48 hours to return 90% of the stolen funds, stating that it will contact the FBI if the deadline isn’t met.

“We have collated the addresses that have lost funds during the attack earlier via the data onchain. Over $2,000,000 will be compensated and reimbursed,” the company wrote in a tweet on Thursday morning.

According to data from DeFi Llama, liquidity remains in a strong position with $804 million in total value locked (TVL).