DeFi Project ‘MM.Finance’ Suffers $2 Million Exploit

By Lauren Claxton May 07, 2022 In DeFi, Hackers

MM.Finance, the largest DeFi exchange on Cronos, has lost US$2 million in a recent exploitation by hackers. A Domain Name System (DNS) vulnerability is believed to be responsible, with the stolen funds being sent to Tornado Cash:

As per its tweet, MM.Finance traced the perpetrator of the cyberattack back to OKX centralised exchange. The funds stolen in the frontend breach were bridged to Ethereum using Multichain and deposited into Tornado Cash. OKX requires users to go through a ‘know your customer’ procedure, therefore the attacker had to have used fake IDs when signing up for the exchange.

While MM.Finance intends to compensate the affected addresses, the exchange has said that if 90 percent of the funds are not returned to MM.Finance within 48 hours, it will contact the FBI:

DeFi Exploits Increasing

Early April saw DeFi lender Inverse Finance suffer a US$15.6 million exploitation. The decentralised Ethereum protocol was compromised by hackers targeting its money market through the artificial manipulation of its token prices.


And, only days ago, Rari Capital lost US$80 million to hackers following a Fei protocol exploit. The assets had been held in Fuse lending pools, apparently the fault of a reentrancy vulnerability.

Lauren Claxton

Lauren Claxton

Lauren is currently a freelance writer with experience in finance writing. She has a growing interest in the metaverse and all things NFTs and expects to graduate in 2022 with bachelors degrees in creative writing and public relations.

You may also like