In Brief
- SwapNet exploit drains $16.8M after users disabled one-time approval protections.
- Attacker swapped $10.5M USDC to ETH on Base before bridging to Ethereum.
- Matcha Meta disables affected contracts as security firms flag wider DeFi risks.
A security breach linked to SwapNet led to losses of about $16.8 million, affecting users interacting through Matcha Meta. The incident mainly impacted users who disabled one-time approvals, thereby exposing persistent token permissions.
Blockchain security firm PeckShieldAlert identified the exploit and traced the initial fund movements. The attacker targeted SwapNet router contracts that retained unlimited approvals from affected user wallets.
On the Base network, the attacker exchanged roughly $10.5 million in USDC for about 3,655 ether. Soon after, the attacker began bridging the converted assets to the Ethereum mainnet to complicate tracking.
SwapNet operates as a liquidity router used by Matcha Meta to source pricing and deep liquidity. The exploit involved abusing existing approvals rather than breaching private keys or core infrastructure.
Matcha Meta, built by the 0x team, confirmed the issue and immediately disabled affected SwapNet contracts. The platform also removed the option allowing users to grant direct approvals to third-party aggregators.
Investigation Expands as Security Firms Flag Wider Risks
Further analysis suggested the exploit stemmed from an arbitrary call vulnerability within SwapNet contracts. This flaw allowed attackers to transfer approved tokens without requesting new permissions.
Security firm BlockSec reported that multiple contracts across chains suffered losses exceeding $17 million. Affected networks included Ethereum, Arbitrum, Base, and BNB Chain, increasing the incident’s scope.
Separately, CertiK estimated stolen funds near $13.3 million in USDC from related activity.
Some contracts involved remained closed-source and unverified at deployment.
Matcha Meta later confirmed that 0x core contracts were not affected by the incident.
Users relying on one-time approvals through 0x infrastructure remained unaffected.
The incident renewed scrutiny around persistent token approvals in decentralized finance.
Unlimited permissions offer convenience but increase exposure during smart contract failures.
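A defender-side check for the persistent approvals discussed above, as an added example that is not from the article or from SwapNet, Matcha Meta or 0x: it replays ERC-20 `Approval` logs (in `eth_getLogs` shape) and lists the allowances still standing toward a watched spender contract. All addresses and logs are constructed placeholders, and `standing_allowances` and `risky_approvals` are names chosen for this example.

```python
# Added example: every address and log entry below is constructed sample data.
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
MAX_UINT256 = 2**256 - 1

def _addr(topic):
    # Indexed address topics are 32 bytes, left-padded: keep the low 20 bytes.
    return "0x" + topic[-40:].lower()

def standing_allowances(logs):
    """Replay Approval logs in chain order; return {(token, owner, spender): value}."""
    state = {}
    for log in sorted(logs, key=lambda l: (int(l["blockNumber"], 16), int(l["logIndex"], 16))):
        t = log["topics"]
        # ERC-721 Approval shares topic0 but has 4 topics and empty data: skip it.
        if len(t) != 3 or t[0].lower() != APPROVAL_TOPIC:
            continue
        key = (log["address"].lower(), _addr(t[1]), _addr(t[2]))
        value = int(log["data"], 16)
        state.pop(key, None)          # a later approve() replaces the earlier one
        if value:                     # approve(spender, 0) is a revocation
            state[key] = value
    return state

def risky_approvals(logs, watched_spenders):
    """List non-zero allowances still granted to any watched spender contract."""
    watched = {s.lower() for s in watched_spenders}
    return sorted(
        ({"token": tok, "owner": own, "spender": sp, "unlimited": val == MAX_UINT256}
         for (tok, own, sp), val in standing_allowances(logs).items() if sp in watched),
        key=lambda f: f["owner"])

def _log(block, idx, token, owner, spender, value):
    return {"address": token, "blockNumber": hex(block), "logIndex": hex(idx),
            "topics": [APPROVAL_TOPIC] + ["0x" + a[2:].rjust(64, "0") for a in (owner, spender)],
            "data": "0x" + format(value, "064x")}

TOKEN, ROUTER, OTHER, ALICE, BOB, CAROL = ("0x" + c * 20 for c in ("aa", "bb", "cc", "01", "02", "03"))
SAMPLE_LOGS = [
    _log(105, 0, TOKEN, BOB, ROUTER, 0),               # Bob revokes (listed out of order)
    _log(100, 0, TOKEN, ALICE, ROUTER, MAX_UINT256),   # persistent, unlimited
    _log(101, 3, TOKEN, BOB, ROUTER, MAX_UINT256),
    _log(102, 1, TOKEN, CAROL, ROUTER, 500_000_000),   # finite but still standing
    _log(103, 0, TOKEN, ALICE, OTHER, MAX_UINT256),    # spender not on the watchlist
    dict(_log(104, 0, TOKEN, ALICE, ROUTER, 7), data="0x",
         topics=[APPROVAL_TOPIC] + ["0x" + "0" * 64] * 3),  # ERC-721 style, ignored
]

if __name__ == "__main__":
    print(risky_approvals(SAMPLE_LOGS, [ROUTER]))
```

`Approval` logs do not record spending through `transferFrom`, so a finite value reported here is an upper bound; confirm with the token's `allowance(owner, spender)` before deciding what to revoke.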
Meanwhile, on-chain investigator ZachXBT criticized Circle’s delayed response to freeze remaining USDC. Roughly $3 million reportedly remained at addresses eligible for freezing during the response window.
The breach adds to a growing list of DeFi security failures early in 2026. Industry data shows stolen crypto funds reached record levels in recent years, increasing pressure on protocol security practices.