The largest decentralized exchange on Cronos, MM.Finance, has suffered a front-end exploit that allowed hackers to siphon out more than $2 million in CRO tokens from users.
- The attack exploited a Domain Name System (DNS) vulnerability, which the perpetrator used to insert a malicious contract address that would divert funds to their own private wallet.
- The stolen funds were sent to Tornado Cash, a privacy protocol on Ethereum, before moving to OKX, according to a series of tweets from MM.Finance.
- MM.Finance has given the attacker 48 hours to return 90% of the stolen funds, stating that it will contact the FBI if the deadline isn't met.
- "We have collated the addresses that have lost funds during the attack earlier via the data onchain. Over $2,000,000 will be compensated and reimbursed," the company wrote in a tweet on Thursday morning.
- According to data from DeFi Llama, liquidity remains in a strong position with $804 million in total value locked (TVL).