MonoSwap Developer Tricked Into Installing Phishing App

Reading Time: 2 minutes
  • Scammers have tricked a MonoSwap developer into installing a phishing app by disguising themselves as venture capitalists
  • The scammers used the app to siphon funds from the DeFi protocol
  • MonoSwap is yet to disclose the amount of funds stolen

Scammers continue to sharpen their skills and are now posing as venture capitalists with DeFi platform developers being their main target. The latest platform to fall victim to this tactic is MonoSwap whose developer was tricked into installing a phishing app that malicious actors used to drain funds from the protocol. Although the platform is yet to disclose the amount of funds stolen, the amount is likely to be high because the attackers managed to gain control of all of its wallets, something that may cripple MonoSwap’s operations.

Scammers Access Smart Contracts and Wallets

According to the DeFi platform, the scammers posed as venture capitalists and asked the developer to install an app to join a call, probably to discuss possible cooperation opportunities. During the call, the scammers installed additional software into the developer’s office computer, enabling them to access MonoSwap’s smart contracts and wallets.

The platform admitted that the attackers siphoned “most of the staked liquidity positions.” The protocol revealed that the hack happened at a time when they were trying to work with venture capitalists. 

MonoSwap has cautioned against depositing funds and encouraged users to withdraw funds to lower the amount of funds lost. It has also said it’s trying its “best to solve [the] issue.”

NFT Holders Targeted Through Zoom Calls

MonoSwap’s predicament comes two days after scam researchers unearthed a new trick where scammers invite victims to Zoom calls using malicious links. Scammers using this tactic target NFT collectors and crypto whales.

Scammers are continuously inventing new ways to steal funds from unsuspecting victims. Some common tricks used by these actors in the recent past include linking wallet drainers in hacked social media accounts and cloned websites.

With MonoSwap revealing that they were trying to work with VCs, it raises questions on whether the scammers knew about this cooperation.

 

Share