- Attackers exploit vulnerabilities to execute sophisticated asset theft and memecoin schemes.
- Consecutive breaches within the Base network underscore the urgency of bolstering security protocols.
RocketSwap, the decentralized exchange on Base network, recently suffered a hacking incident. The attacker stole RCKT tokens and converted them into Ethereum worth $870,00. Then the hacker established a memecoin dubbed LoveRCKT.
The security breach raised questions about RocketSwap’s security measures, particularly its deployment process and storage of private keys.
Security firm PeckShield meticulously examined the breach, uncovering several security gaps that may have been behind the attack. The attacker not only swiftly converted the stolen assets into Ethereum, they also created a memecoin named LoveRCKT.
The launch of the memecoin aimed to capitalize on stolen assets, potentially manipulating market sentiment for personal gain.
#PeckShieldAlert The @RocketSwap_Labs exploiter has grabbed ~471 $ETH and bridged them from #Base to #Ethereum, and then created the token $LoveRCKT, the exploiter already supplied 90T $LoveRCKT and 400 $ETH to #Uniswap https://t.co/z12YlLjbsn pic.twitter.com/Wxaph6lcuD
— PeckShieldAlert (@PeckShieldAlert) August 15, 2023
This breach prompted concerns about RocketSwap’s security practices, specifically focusing on deployment processes and private key storage. It identified vulnerabilities such as offline signatures during launchpad deployment and private key storage on a server.
Cascading concerns: Breaches ripple through Base network, sparking vigilance
Following the breach, speculation within the crypto community surfaced regarding the involvement of the RocketSwap team in a “rug pull.” However, the team categorically denied internal involvement, attributing the breach to a third-party hacker exploiting the identified weaknesses.
As a result of the team’s investigation
We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server.
A brute force hack of the server was detected, and due to the proxy contract used for the farm…— RocketSwap (@RocketSwap_Labs) August 14, 2023
The team explained that the hacker executed a brute force attack on a cloud server linked to the project. It then gained unauthorized access to RocketSwap’s private keys. The assets were transferred from the platform’s yield farm with these keys.
This incident is not isolated on the Base network. LeetSwap, another decentralized exchange on the same network, fell victim to a similar breach, losing $630,000 on 31 July.
These consecutive breaches raised concerns within the community about the Base network’s security and associated decentralized applications. The network’s journey transitioned from a developer-only mainnet activation to going live to the public.
Despite rapid growth and over $200 million influx from Ethereum, these breaches emphasize the need for stringent security to safeguard user assets.
As our DEX is forked from Solidly, our factory had a security pause function.
We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.
— LeetSwap (@LeetSwap) August 1, 2023
The memecoin, LoveRCKT, experienced a threefold surge in its value within a single day, before plummeting by over 90%.
As our DEX is forked from Solidly, our factory had a security pause function.
We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.
— LeetSwap (@LeetSwap) August 1, 2023
Source: https://ambcrypto.com/rocketswap-hack-leads-to-loverckt-memecoin-surge/