Cryptocurrency startup fails to subtract before adding, loses $31m
2021-12-06 19:50

Two weeks ago, after three software audits and three months of live testing, a cryptocurrency startup called MonoX introduced what it described as "The premier bootstrap decentralized exchange, Monoswap".

Despite the audits and the testing, MonoX seems to have made an interesting blunder in how it handled balance changes during transactions.

This has apparently already cost the startup a massive $31,000,000 in lost funds, thanks to an automated series of rogue transactions that the company failed to think of, and therefore didn't program against.

As far as we can see, the software flaw that MonoX overlooked was triggered if you transferred value from one of your own MonoX cryptocoins.

What you wouldn't expect is that if you could get the second transaction processed quickly enough, it would overwrite the first transaction altogether, leaving your account credited with a $100 deposit, but with no record of the immediately preceding withdrawal.
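The following is an added example, not MonoX's code: a simplified Python model of the lost-update pattern described above, shown beside a version that subtracts before adding. It assumes the withdrawal and the deposit touch the same account; the account names, amounts and function names are constructed for illustration.

```python
# Simplified ledger model (constructed for illustration, not MonoX code).
# Assumption: the withdrawal and the deposit can refer to the same account.

class InsufficientFunds(Exception):
    pass

def transfer_flawed(balances, src, dst, amount):
    """Computes both new balances from values read before either write."""
    src_old = balances[src]
    dst_old = balances[dst]            # stale copy when dst == src
    if src_old < amount:
        raise InsufficientFunds(src)
    balances[src] = src_old - amount   # withdrawal is recorded...
    balances[dst] = dst_old + amount   # ...then overwritten when dst == src

def transfer_fixed(balances, src, dst, amount):
    """Subtracts first, then adds to the balance as it stands afterwards."""
    if amount <= 0:
        raise ValueError("amount must be positive")
    if balances[src] < amount:
        raise InsufficientFunds(src)
    balances[src] -= amount            # withdrawal applied in place
    balances[dst] += amount            # reads the post-withdrawal value

def total(balances):
    """Sum of all balances; a transfer must never change it."""
    return sum(balances.values())

def checked(transfer, balances, src, dst, amount):
    """Runs a transfer and reports whether total value was conserved."""
    before = total(balances)
    transfer(balances, src, dst, amount)
    return total(balances) == before

def demo():
    flawed = {"alice": 100, "bob": 50}   # constructed sample balances
    fixed = dict(flawed)
    flawed_ok = checked(transfer_flawed, flawed, "alice", "alice", 100)
    fixed_ok = checked(transfer_fixed, fixed, "alice", "alice", 100)
    return flawed, flawed_ok, fixed, fixed_ok

if __name__ == "__main__":
    print(demo())
```

The conservation check in `checked` is the kind of invariant a test suite or runtime monitor can assert after every balance change to catch this class of bug.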

According to MonoX, some of the funds acquired in this way have been pushed through a so-called tumbler or transaction mixer, presumably to attempt to disguise their source so they can be spent again without arousing suspicion.


News URL

https://nakedsecurity.sophos.com/2021/12/06/cryptocurrency-startup-fails-to-subtract-before-adding-loses-31m/