Detailed analysis of the $31 Million MonoX Protocol Hack

The Root Cause of the Attack

Relevant Information:

Step By Step Analysis

  1. First, the hacker uses the Monoswap.swapExactTokenForToken function to swap 0.1 WETH for 79.986094311542621010 MONO.
  2. Using a contract they created, the hackers can drain all the assets within a pool and replace them with their liquidity to cause the most damage.
  • Remove the liquidity of 0x7b9aa6, transfer 1670.7572297649224 MONO and 6.8622171986812230290 vCASH to 0x7b9aa6;
  • Remove the liquidity of cowrie.eth, transfer 152.9745213857155 MONO and 0.628300423692773565 vCASH to cowrie.eth;
  • Remove the liquidity of 0xab5167, transfer 99940.7413658327 MONO and 410.478879590637971405 vCASH to 0xab5167;




Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store



SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.