In Brief
- SwapNet exploit drains $16.8M after users disabled one-time approval protections.
- Attacker swapped $10.5M USDC to ETH on Base before bridging to Ethereum.
- Matcha Meta disables affected contracts as security firms flag wider DeFi risks.
A security breach linked to SwapNet led to losses of about $16.8 million, affecting users interacting through Matcha Meta. The incident mainly impacted users who disabled one-time approvals, thereby exposing persistent token permissions.
Blockchain security firm PeckShieldAlert identified the exploit and traced the initial fund movements. The attacker targeted SwapNet router contracts that retained unlimited approvals from affected user wallets.
On the Base network, the attacker exchanged roughly $10.5 million in USDC for about 3,655 ether. Soon after, the attacker began bridging the converted assets to the Ethereum mainnet to complicate tracking.
SwapNet operates as a liquidity router used by Matcha Meta to source pricing and deep liquidity. The exploit involved abusing existing approvals rather than breaching private keys or core infrastructure.
Matcha Meta, built by the 0x team, confirmed the issue and immediately disabled affected SwapNet contracts. The platform also removed the option allowing users to grant direct approvals to third-party aggregators.
Investigation Expands as Security Firms Flag Wider Risks
Further analysis suggested the exploit stemmed from an arbitrary call vulnerability within SwapNet contracts. This flaw allowed attackers to transfer approved tokens without requesting new permissions.
Security firm BlockSec reported that multiple contracts across chains suffered losses exceeding $17 million. Affected networks included Ethereum, Arbitrum, Base, and BNB Chain, increasing the incident’s scope.
Separately, CertiK estimated that stolen funds near $13.3 million in USDC from related activity.
Some contracts involved remained closed-source and unverified at deployment.
Matcha Meta later confirmed that 0x core contracts were not affected by the incident.
Users relying on one-time approvals through 0x infrastructure remained unaffected.
The incident renewed scrutiny around persistent token approvals in decentralized finance.
Unlimited permissions offer convenience but increase exposure during smart contract failures.
Meanwhile, on-chain investigator ZachXBT criticized Circle’s delayed response to freeze remaining USDC. Roughly $3 million reportedly remained at addresses eligible for freezing during the response window.
The breach adds to a growing list of DeFi security failures early in 2026. Industry data shows stolen crypto funds reached record levels in recent years, increasing pressure on protocol security practices.
|
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
CoW Swap Pauses Protocol After DNS Hijacking Drains at Least $1M in User Funds
CoW Swap suspended its protocol after DNS hijacking redirected users to a fraudulent site, resulting in over $1 million in crypto theft. The incident led to precautionary actions and user warnings, while security measures were implemented.
GateNews19h ago
Lattice Announces Shutdown: Redstone Will Close on May 16, Users Must Withdraw by the Deadline
Gaming infrastructure developer Lattice announced it will shut down on May 15 and reminded users to withdraw their funds. After the shutdown, contract funds cannot be withdrawn through L1 contracts; only funds in personal wallets can be recovered. Over the past five years, Lattice has failed to realize its business model and ultimately decided to close, but its MUD framework and DUST game will continue to run.
MarketWhisper21h ago
Lattice to Shut Down Redstone Network in May, Users Urged to Withdraw Funds
Lattice, the gaming infrastructure team, will gradually shut down its Redstone network by May 15, 2026. Users are advised to withdraw funds quickly, as assets in smart contracts will be unrecoverable post-shutdown. Projects under Lattice have been open-sourced or migrated to new chains.
GateNews21h ago
Can you bypass FSC regulations to buy crypto with a credit card? Odin Ding launches a U.S. debit card crypto purchase service, Wallet Pro
The OwlPay and Wallet Pro services launched by OdinTing use stablecoin technology to enable B2B cross-border payments, and have partnered with international payment giants, showcasing its ambition to expand in the fintech space. By operating from offshore locations, OdinTing bypasses Taiwan’s regulatory restrictions, providing faster virtual-asset trading, while also confronting the newly promulgated Virtual Asset Services Act; in the future, it could become a reference template for other foreign companies entering the Taiwan market.
CryptoCity04-14 22:41
Thodex Founder Farul Fatih Ozer Arrested in Turkey, Faces Charges Over Alleged $2B Theft
Farul Fatih Ozer, founder of the collapsed cryptocurrency exchange Thodex, was arrested in Istanbul, facing fraud and money laundering charges. Allegedly fleeing with $2 billion in investor funds, Ozer's case claims significant financial losses and has led to a nationwide cryptocurrency payment ban in Turkey.
GateNews04-14 18:17
Bypassing FSC regulations to buy crypto with a credit card: Is it possible? Odin Ding promotes Wallet Pro, a service for buying crypto with a U.S. debit card
OwlPay and Wallet Pro services launched by OdinTing use stablecoin technology to enable B2B cross-border payments, and partner with international payment giants to showcase its expansion ambitions in the fintech space. By operating from abroad, OdinTing bypasses Taiwan’s regulatory restrictions, offering fast virtual-asset trading; meanwhile, as it faces the newly promulgated Virtual Asset Services Act, it is likely to become a reference template for other foreign-invested companies entering the Taiwan market.
CryptoCity04-14 16:31
