In Brief
- SwapNet exploit drains $16.8M after users disabled one-time approval protections.
- Attacker swapped $10.5M USDC to ETH on Base before bridging to Ethereum.
- Matcha Meta disables affected contracts as security firms flag wider DeFi risks.
A security breach linked to SwapNet led to losses of about $16.8 million, affecting users interacting through Matcha Meta. The incident mainly impacted users who disabled one-time approvals, thereby exposing persistent token permissions.
Blockchain security firm PeckShieldAlert identified the exploit and traced the initial fund movements. The attacker targeted SwapNet router contracts that retained unlimited approvals from affected user wallets.
On the Base network, the attacker exchanged roughly $10.5 million in USDC for about 3,655 ether. Soon after, the attacker began bridging the converted assets to the Ethereum mainnet to complicate tracking.
SwapNet operates as a liquidity router used by Matcha Meta to source pricing and deep liquidity. The exploit involved abusing existing approvals rather than breaching private keys or core infrastructure.
Matcha Meta, built by the 0x team, confirmed the issue and immediately disabled affected SwapNet contracts. The platform also removed the option allowing users to grant direct approvals to third-party aggregators.
Investigation Expands as Security Firms Flag Wider Risks
Further analysis suggested the exploit stemmed from an arbitrary call vulnerability within SwapNet contracts. This flaw allowed attackers to transfer approved tokens without requesting new permissions.
Security firm BlockSec reported that multiple contracts across chains suffered losses exceeding $17 million. Affected networks included Ethereum, Arbitrum, Base, and BNB Chain, increasing the incident’s scope.
Separately, CertiK estimated that stolen funds near $13.3 million in USDC from related activity.
Some contracts involved remained closed-source and unverified at deployment.
Matcha Meta later confirmed that 0x core contracts were not affected by the incident.
Users relying on one-time approvals through 0x infrastructure remained unaffected.
The incident renewed scrutiny around persistent token approvals in decentralized finance.
Unlimited permissions offer convenience but increase exposure during smart contract failures.
Meanwhile, on-chain investigator ZachXBT criticized Circle’s delayed response to freeze remaining USDC. Roughly $3 million reportedly remained at addresses eligible for freezing during the response window.
The breach adds to a growing list of DeFi security failures early in 2026. Industry data shows stolen crypto funds reached record levels in recent years, increasing pressure on protocol security practices.
|
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Hunan Financial Office confirms that Yuzhi Financial has completely run away, and police across various regions have opened channels for rights protection registration.
Gate News Announcement, March 10th, Hunan Financial Office confirmed that Yuzhi Financial Co., Ltd., under the name of "Virtual Asset Copy Trading," has completely "run away." Currently, police in various regions have opened channels for rights protection registration, and affected users can register through official channels.
GateNews8h ago
Cryptocurrency project Aethir spreads negative news, with the marketing director accused of having sought women for Epstein.
Gate News reports that on March 10, the crypto community announced that Aethir's marketing director Masha Prusso was accused of having sourced women for Epstein. Meanwhile, community insiders revealed that Aethir has recently undergone large-scale layoffs, with several co-founders and executives leaving one after another, suspected of soft Rug pulling. It is also reported that Masha Prusso's personal website has been taken down recently.
GateNews11h ago
JELLYJELLY Contract and Spot Price Discrepancy at 34%, Manipulation Warning Alert Triggered
JELLYJELLY tokens experienced an extreme divergence of 34% between the perpetual contract mark price and the on-chain spot price on March 10, suspected of price manipulation. Analysis shows a surge in open interest and a funding rate reaching -2% every 4 hours, indicating market instability and manipulation risk. Analysts warn investors that this situation could trigger significant price volatility and reflects structural risks during the integration process of decentralized and centralized exchanges.
MarketWhisper13h ago
Korea FIU plans to impose a six-month partial suspension on a certain CEX
Gate News Announcement: On March 9, the Financial Intelligence Unit (FIU) of South Korea issued a preliminary notice to a certain CEX for suspected violations of the "Specific Financial Transaction Information Act," engaging in transactions with unreported overseas virtual asset service providers, and inadequate KYC procedures. The exchange has been temporarily suspended for "6 months with partial operation." Responsible personnel will be held accountable. This restriction mainly affects the virtual asset withdrawal function for new users. Existing users' KRW and crypto asset deposits, withdrawals, and trading are temporarily unaffected.
GateNews03-09 11:40
Suspended deposits and withdrawals, sued by customers! Cryptocurrency trading company BlockFills seeks restructuring
Cryptocurrency company BlockFills has suspended customer deposits and withdrawals due to worsening market conditions and legal disputes. They are currently evaluating a debt restructuring plan and have hired consultants to assist. Facing allegations from Dominion Capital and a temporary court injunction, BlockFills is seeking restructuring and improvements to its financial and governance mechanisms.
区块客03-09 11:25
Flow Foundation Seeks Court Injunction to Prevent Korean Exchange from Delisting FLOW Token
Flow Foundation and Dapper Labs have applied to the Seoul court to suspend the delisting of FLOW from major exchanges, following previous trading halts caused by cybersecurity incidents. Although the event did not affect user balances, it raised concerns about FLOW liquidity and investor confidence. The court will review this application.
GateNews03-09 07:13
