15. MonoX Finance – the not so smart smart contract
> Amount: $31 million
MonoX Finance, a blockchain startup, also fell victim to a hack. The company uses a decentralized finance, or DeFi, protocol, MonoX, that lets users trade digital currency tokens with fewer requirements than traditional exchanges. The attacker exploited a bug in the software used to draft smart contracts, stealing $31 million.
“The exploit was caused by a smart contract bug that allows the sold and bought token to be the same,” MonoX Finance explained. The attacker made transactions that swapped the MONO token for itself; because the system allowed these transactions and calculated a new price after each one, the token's price inflated. The hacker then used the funds to cash out all the other deposited tokens, including on the Ethereum and Polygon blockchains. Security experts told Ars Technica that these kinds of attacks are common in smart contracts. Developers do not always define security properties for their code, or they use older security approaches, the experts noted.
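A simplified model of the bug described above, as an added example that is not MonoX's contract code: the pricing formula, the `Pool` class and the sample balances are assumptions made for illustration. It shows how writing the sold-token and bought-token prices back one after the other lets a same-token swap raise the price, the one-line check that rejects such a swap, and a security property (a trade that moves no balance must move no price) that flags the flaw.

```python
from fractions import Fraction


class Pool:
    """Toy pool (assumed model): each token has a balance and a virtual price."""

    def __init__(self, check_distinct):
        self.check_distinct = check_distinct
        # Constructed sample state, not real on-chain values.
        self.balance = {"MONO": Fraction(1000), "USDC": Fraction(5000)}
        self.price = {"MONO": Fraction(5), "USDC": Fraction(1)}

    def swap(self, token_in, token_out, amount_in):
        # Hardened form: refuse a swap whose sold and bought token are the same.
        if self.check_distinct and token_in == token_out:
            raise ValueError("token_in and token_out must differ")
        amount_out = amount_in * self.price[token_in] / self.price[token_out]
        # Both new prices are derived from the pre-swap state ...
        bal_in, bal_out = self.balance[token_in], self.balance[token_out]
        new_in = self.price[token_in] * bal_in / (bal_in + amount_in)
        new_out = self.price[token_out] * bal_out / (bal_out - amount_out)
        self.balance[token_in] += amount_in
        self.balance[token_out] -= amount_out
        # ... and written back in sequence. When both keys name the same
        # token, the higher "bought" price overwrites the lower "sold" price.
        self.price[token_in] = new_in
        self.price[token_out] = new_out
        return amount_out


def self_swap_breaks_invariant(pool, token="MONO", amount=Fraction(100), rounds=5):
    """Security property: a trade that moves no balance must move no price."""
    before = (dict(pool.balance), dict(pool.price))
    try:
        for _ in range(rounds):
            pool.swap(token, token, amount)
    except ValueError:
        return False  # rejected up front, so the property holds
    return (dict(pool.balance), dict(pool.price)) != before


if __name__ == "__main__":
    print("vulnerable pool violates property:",
          self_swap_breaks_invariant(Pool(check_distinct=False)))
    print("hardened pool violates property:",
          self_swap_breaks_invariant(Pool(check_distinct=True)))
```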
14. Uranium Finance hack
> Amount: $80 million
Uranium Finance, a Binance Smart Chain-based DeFi project, lost $50 million in tokens in April 2021 in an exploit. Following the exchange’s upgrade, the hacker exploited a vulnerability in its v2 contracts. According to CoinDesk, “a misplaced zero in the contract’s balance field … created the opening for the attack vector.”
But the exploit may have been an inside job, according to a member of Uranium Finance’s developer team, Cointelegraph reported. Members of the crypto community noted on several boards that they question Uranium’s narrative.
13. Qubit Finance hack
> Amount: $80 million
Hackers stole $80 million from Qubit Finance, a decentralized finance (DeFi) platform, on Jan. 27, according to the company’s statement, which also explains how the hacker exploited the protocol. Qubit offers investors its QBridge protocol, a bridge to convert or swap tokens between two blockchains: Ethereum and the Binance Smart Chain network.
The attackers exploited the protocol and stole 206,809 Binance coins (BNB) from Qubit’s QBridge protocol, worth more than $80 million, according to PeckShield. Qubit asked the hackers to return the stolen digital assets, offering them a maximum bug bounty worth $250,000.
12. Oopsie at Compound
> Amount: $90 million
Imagine your bank added money to your account by accident. Would you pay it back? Well, something similar happened to users of Compound, a decentralized finance, or DeFi, platform that enables users to earn interest or borrow assets against collateral. On Thursday, 31 Sept. 2021, the Ethereum-based money market protocol had a major blunder following an upgrade of its system and accidentally paid out $90 million among its users.
Shortly after the mistake, Compound’s founder began urging users (CNBC called it “begging”) to return the money they received in error. The transaction history shows where all the Ethereum tokens went. According to BleepingComputer, the founder incentivized users, saying they may keep 10% as a reward. Though the founder said about $30 million had been returned by Sunday, other users have realized they can exploit the glitch, leaving $160 million at risk, according to Business Insider.
11. Liquid spills coins in a hack
> Amount: $97 million
Japanese cryptocurrency exchange Liquid was hit by a cyberattack in August, about a week after the Poly Network hack (see No. 3). The hackers made off with a reported $97 million worth of digital coins, according to blockchain analytics company Elliptic. “This includes $45 million in Ethereum tokens, which are being converted into Ether using decentralised exchanges (DEXs) such as Uniswap and SushiSwap,” Elliptic noted, adding, “This enables the hacker to avoid having these assets frozen — as is possible with many Ethereum tokens.”
Unlike many other exchanges, Liquid is reportedly regulated by Japan’s Financial Services Agency. Liquid ranks among the top 20 crypto exchanges globally by daily trading volumes, according to CNBC.