An On-Chain DEX Aggregator Just Lost $17 Million in Major Smart Contract Attack

The on-chain DEX aggregator SwapNet experienced a major smart contract exploit resulting in the loss of approximately $16.8 million in crypto assets. The attack targeted activity accessible through Matcha Meta, a meta DEX aggregator built by the 0x team, specifically impacting users who had opted out of 0x's One-Time Approval security feature. By disabling this feature, users granted persistent, direct approvals to underlying contracts, including SwapNet's router, which became the vector for the attack. The attacker swapped about $10.5 million in USDC on the Base network for ETH and then bridged the funds to Ethereum to obscure tracking. Matcha Meta urged users to immediately revoke approvals to individual aggregators, particularly SwapNet's router contract. This incident underscores the ongoing security trade-off in DeFi between the convenience of unlimited approvals and enhanced safety, occurring alongside other recent exploits involving unverified contracts.

(Source：BeInCrypto)