Base’s largest DEX, LeetSwap, halts trading amid exploit concerns
Jesse Coghlan5 hours agoBase’s largest DEX, LeetSwap, halts trading amid exploit concernsSome analysts have provided possible ways the exchange was exploited and pinned potential initial losses at over $600,000.2392 Total views28 Total sharesListen to article 0:00NewsJoin us on social networksDecentralized exchange LeetSwap, which operates on Coinbase’s Base network, has announced a pause on trading, citing concerns of a potential exploit.
LeetSwap tweeted on Aug. 1 that it noticed some of its liquidity pools may have been compromised and temporarily stopped trading to investigate. In a subsequent update, the exchange said it is working with on-chain security experts to try to recover locked liquidity.As our DEX is forked from Solidly, our factory had a security pause function.
We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.— LeetSwap (@LeetSwap) August 1, 2023
While the exchange did not share many details, a number of blockchain sleuths have since provided some commentary about how the exploit is likely to have taken place.
Algorithmic market maker Wintermute’s research head, Igor Igamberdiev, believes the attacker used an exposed smart contract function, allowing them to increase the price of a token which would then allow them to drain wrapped Ether (ETH) from LeetSwap’s liquidity pools.It was easy:
- swap a bit of WETH for X tokens (should have fees)
- call _transferFeesSupportingTaxTokens(address, uint256) to move token to a Fees contract
- call sync()
- swap X tokens for all WETH from the pool
Don"t think that this function should be public
GG WP pic.twitter.com/a7vXvWf0HY— Igor Igamberdiev (@FrankResearcher) August 1, 2023
Igamberdiev added the potential exploit has seemingly netted the attacker 342.5 ETH, worth over $630,000.
Multiple blockchain security firms including PeckShield, Beosin, BlockSec and CertiK confirmed Igamberdiev"s theory and the amount exploited in separate tweets.
Related: Pro-XRP lawyer Jeremy Hogan’s scam tweet bonanza finally falls silent
In an update by LeetSwap roughly an hour and a half after it notified of the trading halt, it said it’s working with security experts to find a way to recover liquidity locked on the platform.We are working with on-chain security experts to try and find a way to recover the locked liquidity.
If you did not lock your liquidity you are free to remove it from the pools.— LeetSwap (@LeetSwap) August 1, 2023
It"s the second Base-related controversy in a day. Earlier, the developer of a Brian Armstrong-themed memecoin called BALD removed liquidity for the token, causing its price to drop.
Allegations flew that the project was an exit scam, which the project developer denied.
Asia Express: China expands CBDC’s tentacles, Malaysia is HK’s new crypto rival# Blockchain# Hackers# Base# Hacks# DeFi# DEXAdd reactionAdd reactionRelated NewsWhat is an atomic swap, and how does it work?We need to fundamentally change how smart contracts operateArbitrum-based Rodeo Finance exploited for second time, $1.5M stolenCrypto lender Geist Finance shuts down permanently over Multichain hack‘Multichain was a big blow,’ says Andre Cronje as Fantom TVL slumpsAlphapo hot wallets hacked for over $31 million