Matcha Meta sees $16.8 million drained in SwapNet incident: PeckShield

Blockchain security firm PeckShield has issued an urgent alert concerning a significant exploit targeting users interacting with the Matcha Meta platform via the SwapNet decentralized exchange aggregator. The total estimated losses from the incident stand at approximately $16.8 million.

The attack, which was first detected early Thursday morning UTC, appears to exploit a critical vulnerability within the SwapNet routing mechanism or approval flow. According to PeckShield’s preliminary analysis, the exploiter systematically drained large quantities of stablecoins (including USDC and USDT) and wrapped Ethereum (WETH) from user wallets that had granted permissions to the vulnerable SwapNet contracts.

Transaction monitoring shows that the stolen funds were swiftly consolidated and subsequently funneled through privacy mixers, notably Tornado Cash, complicating immediate tracing and recovery efforts. The attack sequence suggests a targeted zero-day vulnerability exploit rather than a simple flash loan attack.

In response, Matcha Meta has temporarily disabled deposit and swap functionalities on affected contract versions and urged all users who have recently interacted with SwapNet through the Matcha interface to immediately revoke any outstanding approvals given to the compromised addresses. Investigations are ongoing, with Matcha Meta officials confirming they are working alongside cybersecurity specialists and regulatory bodies to mitigate further risk and pursue the perpetrators.

Source: Matcha Meta sees $16.8 million drained in SwapNet incident: PeckShield

Disclaimer: This content is generated via ZODIAC AI engine for informational purposes. While we strive for accuracy, we do not guarantee the completeness of the information. This is not financial advice. Decisions should be made based on your own judgment.