LeetSwap Exploit Steals 340 ETH Through Smart Contract Bug

Decentralized exchange (DEX) LeetSwap paused trading to investigate an exploit costing liquidity providers 340 ETH.

Peckshield blamed the exploit on the LeetSwapV2Pair::_transferFeesSupportingTaxTokens() function in one of the DEX’s smart contracts.

LeetSwap DEX Exploits Mount Quickly to $13 Million

One of the security firm’s community contributors first spotted the exploit using on-chain analysis.

Later, Peckshield dismissed LeetSwap’s claims that it forked its code from Solidly, an automated market-maker based on Uniswap V2. The DEX team said it was “working with on-chain security experts” to release locked liquidity.

The liquidity hack is the second major LeetSwap exploit after a project creator pulled $12.5 million of their Base meme coin Bald. Launched in 2022, LeetSwap is the largest decentralized exchange on Coinbase’s Base network, which aims to offer higher transaction speed and lower fees than Ethereum.

An exploit of decentralized exchange LeetSwap costs investors 340 ETH, increasing H2's DeFi losses to $60 million so far.
DeFi hacks came in at $480 million in H1 2023 | Source: Peckshield

In its Web3 security report earlier this year, Peckshield confirmed that DeFi hacks cost investors $480 million in H1.

Curve DEX Hackers Exploit Vyper Vulnerability

But concerns are rising that the 75% drop from 2022 may just be a curtain-raiser. On Sunday, hackers stole $70 million from Curve, one of the largest decentralized exchanges on Ethereum.

Starting with an $11 million exploit of the pETH-ETH liquidity pool, hackers then targeted the alETH-ETH Alchemix pool, the CRV/ETH pool, Pendle’s pETH-ETH pool, and Metronome’s msETH-ETH pool. Altogether, the attacks stole $70 million, with about $20 million going to white-hats.

Experts say a reentrancy bug in the compiler for Vyper, the language used in several Curve smart contracts, provided the attack vector. A smart contract compiler changes human-readable language a coder writes into instructions blockchains can understand.


But the analysis provided scant comfort to DeFi participants, who consider the exchange one of the pillars of decentralized finance. Curve’s core features are crucial to the liquidity of stablecoins used in several DeFi projects.


Source: https://beincrypto.com/leetswap-exploit-steals-eth-smart-contract-bug/