Cronos DeFi Project MM.Finance Suffers $2M Exploit
The biggest decentralized exchange on Cronos has been hacked. MM.Finance, an ecosystem of DeFi applications and the biggest decentralized exchange on the Cronos blockchain, has suffered a $2 million frontend attack. The project reported the incident late Thursday after the attacker breached the app’s frontend and started moving funds to their address. “We have verified and theres a frontend breach. Please do not perform any transactions or your funds will be sent to the exploiter wallet. We will be disabling the frontend ASAP,” MM.Finance tweeted. According to a post-mortem report published by the project earlier today, the attacker leveraged a DNS vulnerability to modify the router contract address in the project’s hosted files and injected a malicious contract address into the project website’s frontend. The malicious contract then diverted the funds to the attacker’s wallet when anyone tried to make a swap, add, or remove liquidity on MM. Finance’s decentralized exchange.