MonoSwap Hack
Incident Overview
On July 24, 2024, MonoSwap suffered a hack after a developer was tricked into installing a phishing app while attempting to join a fake VC call. The phishing app infected the developer’s office PC with a botnet, which gave attackers access to MonoSwap’s wallets and smart contracts, allowing them to withdraw most of the staked liquidity.
The attack started when scammers impersonated venture capitalists (VCs) and invited a MonoSwap developer to a call. To join the fake call, the developer was instructed to download a malicious application from a phishing link (kakaocall.kr). Once installed, the app deployed a botnet onto the developer’s office PC, granting the attackers remote access to all MonoSwap-related wallets and contracts stored on the machine.
With this access, the hackers drained the majority of the liquidity staked in MonoSwap’s pools, directly impacting both the protocol and its users. MonoSwap is actively investigating the incident and urged all users to withdraw their positions immediately while also deleting an earlier post that accidentally contained the phishing link.
Incident Report
Protocol Information
Market Context at Time of Hack
What the Attacker Needed to Succeed
Understanding the prerequisites for this type of attack helps auditors identify protocols that are most at risk and helps developers build better defenses.
What Auditors Should Check
If you're auditing a protocol with similar architecture to MonoSwap, these are the critical security checks that could have prevented this incident (July 2024).
- Verify all logic paths related to Access Control are guarded by proper access controls and input validation - see the Access Control Attacks attack class for patterns
- Review privileged functions (owner, admin, governance) for potential abuse vectors - centralization risks should be documented and bounded with timelocks or multi-sigs
Master these auditing techniques with hands-on labs and real exploit scenarios in the Smart Contract Hacking course.
Free TrialRelated Attack Classes
The technique used in this hack maps to these vulnerability classes in our security curriculum:
Sources & References
Learn to Prevent the Next MonoSwap
The MonoSwap hack is one of many attacks that skilled auditors are trained to detect before deployment. Master real exploit patterns and defense techniques with hands-on Web3 security training.