Buy Crypto
Pay with
USD
USD
Buy & Sell
Hot
Supports Visa, MasterCard, SEPA & more
P2P
0 Fees
Flexible trading, zero fees
Gate Card
Use your crypto for payments worldwide
Markets
Trade
Basic
Advanced
Futures
Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Earn
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
tag
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Investment
Square
Square
Post, share, and explore crypto trends
Live
moments live
Live crypto market analysis
Chat
Chat with crypto traders
News
What is happening in crypto
flower_head
More
Promotions
AI
Diğerleri
TradFi
SpaceX Pre-IPOs
Rewards

SwapNet Exploit Drains $16.8M After Approval Flaw on Matcha Meta

CoincuInsights
Exchange Risk
ETH1,71%
ARB3,77%
BNB1,77%

In Brief

  • SwapNet exploit drains $16.8M after users disabled one-time approval protections.
  • Attacker swapped $10.5M USDC to ETH on Base before bridging to Ethereum.
  • Matcha Meta disables affected contracts as security firms flag wider DeFi risks.

A security breach linked to SwapNet led to losses of about $16.8 million, affecting users interacting through Matcha Meta. The incident mainly impacted users who disabled one-time approvals, thereby exposing persistent token permissions.

Blockchain security firm PeckShieldAlert identified the exploit and traced the initial fund movements. The attacker targeted SwapNet router contracts that retained unlimited approvals from affected user wallets.

On the Base network, the attacker exchanged roughly $10.5 million in USDC for about 3,655 ether. Soon after, the attacker began bridging the converted assets to the Ethereum mainnet to complicate tracking.

SwapNet operates as a liquidity router used by Matcha Meta to source pricing and deep liquidity. The exploit involved abusing existing approvals rather than breaching private keys or core infrastructure.

Matcha Meta, built by the 0x team, confirmed the issue and immediately disabled affected SwapNet contracts. The platform also removed the option allowing users to grant direct approvals to third-party aggregators.

Investigation Expands as Security Firms Flag Wider Risks

Further analysis suggested the exploit stemmed from an arbitrary call vulnerability within SwapNet contracts. This flaw allowed attackers to transfer approved tokens without requesting new permissions.

Security firm BlockSec reported that multiple contracts across chains suffered losses exceeding $17 million. Affected networks included Ethereum, Arbitrum, Base, and BNB Chain, increasing the incident’s scope.

Separately, CertiK estimated that stolen funds near $13.3 million in USDC from related activity.
Some contracts involved remained closed-source and unverified at deployment.

Matcha Meta later confirmed that 0x core contracts were not affected by the incident.
Users relying on one-time approvals through 0x infrastructure remained unaffected.

The incident renewed scrutiny around persistent token approvals in decentralized finance.
Unlimited permissions offer convenience but increase exposure during smart contract failures.

Meanwhile, on-chain investigator ZachXBT criticized Circle’s delayed response to freeze remaining USDC. Roughly $3 million reportedly remained at addresses eligible for freezing during the response window.

The breach adds to a growing list of DeFi security failures early in 2026. Industry data shows stolen crypto funds reached record levels in recent years, increasing pressure on protocol security practices.
DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Related Articles

Russian Crypto Exchange Grinex Halts Operations After $13M Hack, Threatening Sanctions Evasion Network

GeopoliticsSecurity IncidentsExchange Risk

Russian cryptocurrency exchange Grinex ceased operations after a cyberattack caused losses over $13 million. The shutdown impacts Russian businesses' ability to convert rubles internationally and challenges the country's shadow finance system.

GateNews3h ago

DeFi Hack Triggers $9 Billion in Outflows from Aave as Stolen Tokens Used as Collateral

Market AnalysisCapital FlowSecurity IncidentsExchange Risk

A recent hack draining nearly $300 million from a crypto project led to a liquidity crisis on Aave, causing users to withdraw around $9 billion. Concerns over collateral quality prompted mass withdrawals, highlighting risks in DeFi lending.

GateNews8h ago

KelpDAO Loses $290M in Lazarus Group LayerZero Attack

Security IncidentsExchange Risk

KelpDAO faced a $290 million loss due to a sophisticated security breach linked to the Lazarus Group. The attack exploited configuration weaknesses in their verification system and highlighted the risks of relying on a single-point verification setup. Industry experts emphasize the need for improved security configurations and multi-layer verification to prevent future incidents.

CryptoFrontier12h ago

Ripple CTO: Kelp DAO Exploit Reflects Bridge Security Trade-Offs

Security IncidentsExchange Risk

David Schwartz, CTO Emeritus at Ripple, analyzed bridge security vulnerabilities following the $292 million Kelp DAO exploit. He noted that providers prioritized convenience over robust security, undermining essential protective features. The Kelp DAO breach stemmed from a private key leak, exacerbated by a simplified security configuration in their LayerZero implementation.

CryptoFrontier15h ago

IRS tax refund delays trigger a HYTOPIA shutdown crisis—platform goes offline for 1 to 3 months

Project ProgressExchange Risk

The metaverse platform HYTOPIA decided to pause the operation of its infrastructure because a large IRS tax refund has not yet been received. The platform plans to be offline for 1 to 3 months. A dispute over unpaid invoices between the platform and HY Foundation has also led to delays in the delivery of some tokens. HYTOPIA promises to handle this matter transparently and asks the community to be patient and wait.

MarketWhisper15h ago

Curve Finance Suspends LayerZero Bridging as a Precaution, Limits CRV and crvUSD Bridge Access

Project ProgressSecurity IncidentsExchange Risk

Curve Finance has been attacked over LayerZero infrastructure related to rsETH, and has temporarily suspended cross-chain functionality to prevent risk, impacting CRV cross-chain bridging and the fast bridging of crvUSD. Founder Egorov said the incident demonstrates the risk of “non-isolated lending,” and proposed a fully isolated mode as an alternative. Kelp DAO also suffered losses of about $292 million due to the attack, affecting lending activity on the Aave platform.

MarketWhisper16h ago
Comment
0/400
No comments