In Brief
- SwapNet exploit drains $16.8M after users disabled one-time approval protections.
- Attacker swapped $10.5M USDC to ETH on Base before bridging to Ethereum.
- Matcha Meta disables affected contracts as security firms flag wider DeFi risks.
A security breach linked to SwapNet led to losses of about $16.8 million, affecting users interacting through Matcha Meta. The incident mainly impacted users who disabled one-time approvals, thereby exposing persistent token permissions.
Blockchain security firm PeckShieldAlert identified the exploit and traced the initial fund movements. The attacker targeted SwapNet router contracts that retained unlimited approvals from affected user wallets.
On the Base network, the attacker exchanged roughly $10.5 million in USDC for about 3,655 ether. Soon after, the attacker began bridging the converted assets to the Ethereum mainnet to complicate tracking.
SwapNet operates as a liquidity router used by Matcha Meta to source pricing and deep liquidity. The exploit involved abusing existing approvals rather than breaching private keys or core infrastructure.
Matcha Meta, built by the 0x team, confirmed the issue and immediately disabled affected SwapNet contracts. The platform also removed the option allowing users to grant direct approvals to third-party aggregators.
Investigation Expands as Security Firms Flag Wider Risks
Further analysis suggested the exploit stemmed from an arbitrary call vulnerability within SwapNet contracts. This flaw allowed attackers to transfer approved tokens without requesting new permissions.
Security firm BlockSec reported that multiple contracts across chains suffered losses exceeding $17 million. Affected networks included Ethereum, Arbitrum, Base, and BNB Chain, increasing the incident’s scope.
Separately, CertiK estimated that stolen funds near $13.3 million in USDC from related activity.
Some contracts involved remained closed-source and unverified at deployment.
Matcha Meta later confirmed that 0x core contracts were not affected by the incident.
Users relying on one-time approvals through 0x infrastructure remained unaffected.
The incident renewed scrutiny around persistent token approvals in decentralized finance.
Unlimited permissions offer convenience but increase exposure during smart contract failures.
Meanwhile, on-chain investigator ZachXBT criticized Circle’s delayed response to freeze remaining USDC. Roughly $3 million reportedly remained at addresses eligible for freezing during the response window.
The breach adds to a growing list of DeFi security failures early in 2026. Industry data shows stolen crypto funds reached record levels in recent years, increasing pressure on protocol security practices.
|
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Several banks in South Korea are deepening their cooperation with cryptocurrency exchanges, with KB Kookmin Bank renewing its contract despite an incident at a certain exchange.
South Korea’s banking industry is actively strengthening cooperation with cryptocurrency exchanges to deal with constrained loan growth and to seek new profit opportunities. Several banks have established partnerships with exchanges, despite historical incidents involving mistaken Bitcoin airdrops. Regulators plan to expand their regulatory authority, which could intensify competition among banks.
GateNews03-28 00:42
The Vietnamese Ministry of Public Security has detained several executives of the ONUS platform, suspected of manipulating token prices and misappropriating investors' funds.
Vietnam's Ministry of Public Security has detained several individuals related to the cryptocurrency platform ONUS, accusing them of embezzling investor funds through false advertising, involving billions of dollars. Investigators claim the suspects manipulated token supply and demand, with 140 people already summoned for questioning. The ONUS platform claims to have 7 million users and a market value of approximately $25 million, but has not yet responded to these allegations.
GateNews03-27 15:00
A CEX platform requires users to input their plaintext seed phrase on a specific page.
Gate News reports that on March 26, Co-founder Yu Xian of SlowMist stated that a certain CEX has taken down the page that required users to input their plaintext seed phrases. He pointed out that the security model for online web pages is very weak, much lower than that of extensions and apps; collecting plaintext seed phrases through online web pages is easy for phishing sites to imitate and has long been a common phishing tactic.
GateNews03-26 14:47
Circle Freezes USDC Balances in 16 Hot Wallets Involving Exchanges and Multiple Business Operations
Gate News: On March 26, according to ZachXBT's disclosure, Circle froze USDC balances in 16 business-related hot wallets on March 25. The relevant entities stated that this action is related to a U.S. civil case with details not yet made public. ZachXBT stated that upon reviewing on-chain data, these addresses are involved in exchanges, gaming platforms, and forex businesses with no apparent connections to each other. The freeze has already impacted the operations of the related businesses.
GateNews03-26 00:30
Resolv Foundation suspends Season 4 airdrop claims and RESOLV token staking functions
Gate News: On March 25, Resolv Foundation announced that due to recent security incidents involving Resolv Labs' stablecoin USR, both the protocol and applications have been suspended. Season 4 airdrop claiming functionality is temporarily unavailable, and staking and unstaking functions for RESOLV tokens are also temporarily unavailable. Once the protocol recovery plan is finalized and the application can be safely used again, the relevant functions will be restored.
GateNews03-25 14:03
RootData Issues Transparency Alert, 5 DEXs Including Hydration and Hyperbot Missing Core Information
RootData posted a transparency alert on Twitter, pointing out missing information on multiple decentralized exchanges and calling on projects to update their information to improve transparency scores. The scoring system measures information completeness on a scale from A to F, with lower scores indicating higher risk of misconduct, requiring investors to exercise caution.
GateNews03-25 09:25
