Matcha Meta, a decentralized exchange aggregator, reported a security issue on January 25 involving one of its main liquidity partners, SwapNet.
The attack was connected to a flaw in a smart contract that allowed an unknown party to move funds without permission.
In a post on X, Matcha Meta said users who had approved SwapNet’s router contract for token spending might be at risk. The team urged everyone to cancel or revoke those approvals immediately to prevent further losses.
Did you know?
Subscribe – We publish new crypto explainer videos every week!
What is Fantom? | Animated FTM Explainer
Different blockchain security firms gave varying estimates of the damage. CertiK said around $13.3 million was taken, while PeckShield reported at least $16.8 million in stolen assets on the Base network.
PeckShield wrote on X, “So far, around $16.8M worth of crypto has been drained. On Base, the attacker swapped around 10.5M USDC
CertiK explained that the issue came from an “arbitrary call in @0xswapnet contract that let the attacker transfer funds approved to it”.
This flaw allowed the attacker to move any tokens that users had previously granted permission for.
Matcha Meta clarified that its own systems were not directly breached. The problem was caused by a vulnerability in SwapNet’s smart contract.
The platform said it would continue to share updates and recommended that users review their token permissions to stay protected.
Saga, a blockchain network, recently shut down operations on its SagaEVM mainnet after discovering an exploit. How did the incident happen? Read the full story.