SlowMist Founder Issues Warning on Potential Monad Airdrop Exploit

A reported vulnerability in Monad’s airdrop claim page led to a user losing over $112,000 in MON rewards to gas fees amid failed transactions and potential wallet-binding exploits.

99d ago

Fact Check

The provided sources consistently and overwhelmingly support the statement. Multiple independent news outlets, including PANews, CryptoRank, and Bitget, directly attribute a public security warning about the Monad airdrop to the founder of SlowMist. The founder is explicitly named as Yu Xian, and his aliases (Cos, Cosine) are also mentioned, strengthening the claim. The reports are specific, referencing issues like session hijacking and security vulnerabilities affecting the airdrop claim process. There are no contradictions among the sources. While the sources are secondary reports from news agencies, their unanimous agreement on the core facts — the identity of the person (SlowMist's founder), the subject (Monad airdrop), and the action (issuing a public warning) — makes the statement highly credible.

Summary

On Nov. 25, a user lost more than $112,000 worth of MON airdrop rewards to gas fees after submitting hundreds of unsuccessful on-chain transactions. SlowMist founder Cos highlighted a vulnerability in Monad’s airdrop claim page that allowed attackers to link rewards to their wallets without user confirmation. This flaw potentially enabled exploitation through wallet-binding without authorization, resulting in diverted rewards. Cos urged Monad to investigate the issue and review address change logs to assess the extent of affected accounts and strengthen security measures.

Terms & Concepts

Airdrop: A distribution of cryptocurrency tokens to users, often free, usually to promote a project or reward loyalty.
Gas Fees: Transaction fees paid to validators or miners to process operations on a blockchain network.
Monad: A blockchain project conducting a token distribution, in this case via an airdrop claim page.