Apr 2025 - Mochi DeFi Contract Multiple Transactions Suspicious Attack - $49k (Global)
MochiFi is a decentralized finance (DeFi) platform that allows users to utilize emerging digital assets and NFTs as collateral. The core offering revolves around enabling users to maintain exposure to the long-term value of their digital holdings while gaining liquidity through borrowing USDM, a stablecoin native to the Mochi ecosystem. Mochi provides various tools, such as vaults and asset pools, to help users manage and maximize the utility of their digital assets.
The platform supports a variety of asset tokens that can be deposited into vaults, contributing to the system’s total value locked (TVL). Users can then borrow against these deposits, accessing USDM liquidity. The system also features real-time stats like circulating USDM, vault TVL, and the system ratio, offering transparency and insight into the protocol’s health and performance. Auctions and lab features are available to experiment with or participate in new financial mechanisms within the Mochi ecosystem.
MochiFi emphasizes community engagement and transparency, offering multiple touchpoints such as Discord, Twitter, Telegram, a forum, and documentation for user support. It is integrated with major DeFi tracking platforms like Defi Llama and Defi Pulse and adheres to Ethereum standards like EIP-1559. By entering the app, users agree to the terms of service and can begin leveraging their assets for borrowing or other DeFi operations through a clean, wallet-connected interface.
Unfortunately, the Mochi DeFi smart contract was vulnerable.
The transaction is described as a "suspicious attack".
TenArmor reports that the amount lost was approximately $49k USD.
The Mochi DeFi project appears to be inactive. The situation was reported on by other third parties.
It does not seem like anyone involved in Mochi DeFi is going to be pursuing a recovery for affected users.
There doesn't seem to be anything ongoing in this case.
Further Analysis
MochiFi, a DeFi platform that enabled users to use digital assets and NFTs as collateral to borrow its native stablecoin USDM, suffered a security breach due to a vulnerability in its smart contract. This led to a suspicious transaction resulting in a loss of approximately $49,000 USD, as reported by TenArmor. Following the incident, the project appears to have gone inactive, with no public efforts from the team to recover lost funds or compensate affected users, and third-party sources have confirmed the lack of ongoing activity or resolution.
How Could This Have Been Prevented?
More Cryptocurrency Exchange Hacks/Scams/Frauds
MEV Bot Tricked And Drained By Dummy Token Swap > > < < AIRWA Access Control Public Burn Rate Function Exploited
Sources/Further Reading
TenArmor - "Our system has detected a suspicious attack involving #Mochi Inu @MochiDeFi on #ETH, resulting in an approximately loss of $49K." - Twitter/X (Dec 31)
First Attack Transaction - Etherscan (Dec 31)
Second Attack Transaction - Etherscan (Dec 31)
Third Attack Transaction - Etherscan (Dec 31)
BlockSecTeam - "@MochiDeFi was hacked with a loss around 50K in multiple transactions." - Twitter/X (Dec 31)
Mochi Finance Homepage (Dec 31)
Mochi Finance Twitter/X Account (Dec 31)
Mochi Defi - "USDM Peg Recovery Module (PRM) UX preview: (Details on how it works soon)" - Twitter/X (Dec 31)
 t.me/QuadrigaInitiative
|
 /r/QuadrigaInitiative
|
 @QuadrigaInit
|
 info@quadrigainitiative.com
|