SwapNet Exploit Drains $17M, Exposes DeFi Approval Risks

TheNewsCryptoPublicado a 2026-01-26Actualizado a 2026-01-26

Resumen

A significant security breach occurred at DEX aggregator SwapNet, resulting in a loss of approximately $16.8 million. The exploit was first identified by security firm PeckShield. The attacker swapped $10.5 million in USDC for Ether on Base network and bridged the funds to Ethereum. The vulnerability stemmed from users disabling the "One-Time Approval" feature designed to restrict token permissions. By doing so, they inadvertently granted direct and persistent approvals to underlying contracts, including SwapNet’s router, which the attacker exploited. Matcha Meta, the meta-DEX aggregator through which SwapNet was accessed, clarified that the issue did not originate from its core system but from this user configuration choice. SwapNet paused its contracts to mitigate further damage and investigate the incident. Users were urged to revoke approvals granted outside the One-Time Approval framework, especially for SwapNet’s router. The event underscores a critical DeFi trade-off: one-time approvals enhance security but add friction, while unlimited approvals improve usability but create persistent risk if a platform is compromised. This incident is part of a broader pattern of exploits targeting unverified code and standing approvals, highlighting ongoing risks in DeFi’s interconnected ecosystem. SwapNet has not yet released a technical post-mortem or confirmed user compensation.

A massive smart contract hack has been identified in the on-chain DEX aggregator SwapNet, which resulted in crypto assets to the tune of close to $16.8 million being siphoned off.

Peck Shield, a security company, first reported the attack, noting the suspicious action on the platform’s SwapNet integrations, which can be found through Matcha Meta, a meta-Dex aggregator platform that the 0x team designed. On the Base network, the hacker swapped $10.5 million in USDC tokens for approximately 3,655 Ether. The attacker then bridged the funds to the Ethereum network, which can be complicated to track and trace.

Matcha Meta explained, however, that the bug didn’t even emanate from its primary stack. The issue for users began with them disabling 0x’s own feature, called “One-Time Approval,” which is designed to restrict tokens’ permissions. In disabling this, users inadvertently allowed approvals directly, rather than restricting them, even for underlying aggregator contracts like SwapNet’s router, which is used by this attacker.

Matcha Meta recognized this publicly and stated that it had collaborated with the SwapNet team. SwapNet had paused the smart contracts to contain the damage and identify the exploit path for their investigation.

Approval settings under scrutiny

The platform urged users to immediately revoke approvals granted outside the One-Time Approval framework. It highlighted SwapNet’s router contract as a priority target for revocation. Without intervention, wallets would have remained exposed even after the exploit stopped.

This situation highlights an important trade-off inherent in DeFi applications. With One-Time Approvals, each transaction must be separately authorized. This, of course, helps with reduced permissions but also introduces friction. By contrast, Unlimited approvals facilitate smooth trading but grant contracts persistent access to funds. When attackers compromise a contract, those standing permissions become a direct risk.

SwapNet has not yet published a detailed technical post-mortem. The team also has not confirmed whether it will compensate affected users. That lack of clarity adds pressure on aggregator platforms to improve transparency and tighten integration standards.

Broader pattern of smart contract risks

The SwapNet exploit has not happened in a vacuum. In fact, on the same day, a different Ethereum exploit was spotted by Pashov, a security auditor, where about 37 WBTC, valued at over $3.1 million, was stolen. The exploit targeted a closed-source and unverified code deployed just weeks earlier. In fact, this code exposed the bytecode only, and it was difficult to evaluate it easily.

All of these attacks create a sense of a topological threat landscape on DeFi protocols, specifically around unverified codes, continuous token approvals, and complex routing layers connecting various protocols. Clearly, in spite of improved audits and better tools, threat actors continue to leverage design optimization and integration blind spots.

As DeFi grows more interconnected, developers must harden approval systems and reduce hidden trust assumptions. Meanwhile, users must actively manage permissions and understand the security implications of convenience features. The SwapNet exploit shows that small configuration choices can have multi-million-dollar consequences.

Highlighted Crypto News:

Japan Targets First Crypto ETFs Approval by 2028

Tagscrypto securityDeFiDEXOnchainSmart Contract

Preguntas relacionadas

QWhat was the total amount of crypto assets drained in the SwapNet exploit?

AClose to $16.8 million (or $17 million) in crypto assets was drained.

QWhich security company first reported the SwapNet attack and on which platform's integrations was the suspicious action noted?

APeckShield first reported the attack, noting the suspicious action on the platform's SwapNet integrations, which can be found through Matcha Meta.

QWhat specific user action, related to a 0x feature, inadvertently allowed the vulnerability to be exploited?

AUsers disabling the 'One-Time Approval' feature, which is designed to restrict tokens' permissions, inadvertently allowed direct and persistent approvals.

QAccording to the article, what is the critical trade-off between 'One-Time Approvals' and 'Unlimited Approvals' in DeFi?

AOne-Time Approvals reduce permissions but introduce friction by requiring separate authorization for each transaction, while Unlimited Approvals facilitate smooth trading but grant contracts persistent access to funds, creating a direct risk if a contract is compromised.

QBesides the SwapNet incident, what other exploit was reported on the same day and what was the value of the assets stolen?

AA different Ethereum exploit was spotted by security auditor Pashov on the same day, where about 37 WBTC, valued at over $3.1 million, was stolen.

Lecturas Relacionadas

A Confession from a US Stock KOL: The AI Bull Market Isn't Over, But Risks Are Looming

A self-proclaimed AI bull and US stock influencer reflects on the market. While firmly believing AI is a transformative revolution creating exponential token demand versus linear semiconductor supply, the author warns of rising risks. The current "low-PE bubble" appears resilient, fueled by strong company fundamentals and abundant post-regulatory liquidity, making it hard to oppose. However, the bull market's core premise—that hyperscalers' massive capital expenditures will be justified by soaring AI model revenues—is fragile. Key vulnerabilities are identified: the supply chain is strained and fragmented, losing the pricing control once held by giants like TSMC. More critically, leading AI models (like Anthropic's Opus) are showing signs of "cognitive decline" due to compute shortages, potentially undermining the revenue growth story. If investor faith in the model monetization cycle wavers, it could trigger a broad re-evaluation of semiconductor stocks as cyclical rather than growth assets. The author concludes that one can participate in the ongoing party but must stay vigilant, ready to exit when the music—the foundational narrative of AI revenue growth—stops.

marsbitHace 23 min(s)

A Confession from a US Stock KOL: The AI Bull Market Isn't Over, But Risks Are Looming

marsbitHace 23 min(s)

STRC Breaks Below $95: Why Does It Continue to Depeg? Is There Default Risk?

"STRC Falls Below $95: Why the Persistent Depegging and Is There Default Risk?" The article discusses the recent decline in the price of STRC, a perpetual preferred stock issued by Strategy (MSTR) designed to trade around a $100 par value. As of publication, STRC traded at $94.65, raising market concerns. STRC is described as a high-yield cash flow product, offering an 11.50% annual dividend paid monthly. Its "preferred" status grants it priority over common stock for dividends and in liquidation. Key reasons cited for the price depegging include: 1. **Bitcoin's Price Drop:** MSTR's assets are heavily tied to Bitcoin (BTC), which fell over 21% from its recent high, pressuring all Strategy-related products. 2. **Competitive Pressure:** Rival Strive Asset Management's similar product, SATA, offers daily dividends and has maintained its $100 par value with a ~13% yield. In response, Strategy has proposed changing STRC's dividend frequency from monthly to bi-weekly, pending shareholder vote. 3. **Technical Selling:** A break below $100 may have triggered algorithmic selling and stop-losses, exacerbating the decline. Regarding default risk, the analysis suggests it is currently low. Strategy founder Michael Saylor confirmed the June 2026 dividend rate remains at 11.50% with no cuts or suspensions. The company's massive reserve of 843,706 BTC provides a significant backstop for its obligations. Industry opinions are mixed. Some analysts view the BTC holdings as reliable support for dividends, while critics like Peter Schiff warn of potential dividend cuts leading to price crashes and lawsuits. Others highlight inflation risk and the company's ability to reduce dividends without a formal default. In summary, STRC's drop is attributed to BTC volatility, competition, and technical factors. While immediate default risk appears contained, the product faces challenges from market conditions and competitive dynamics.

marsbitHace 27 min(s)

STRC Breaks Below $95: Why Does It Continue to Depeg? Is There Default Risk?

marsbitHace 27 min(s)

AI Trading Cools, South Korean Stocks Plunge 1.8%, Spot Gold Rises 1%, Bitcoin Dives

A sell-off in AI-related stocks, triggered by Broadcom's disappointing earnings forecast, sent shockwaves through global markets. South Korea's KOSPI led Asia's decline, plunging 1.8% as the risks from concentrated chip stock gains and surging leveraged investments came to the fore. The tech-heavy Nasdaq 100 futures fell 0.5% following Broadcom's 14% after-hours plunge, which signaled a slower-than-expected transition to AI clients. This pullback extended Wall Street's weakness, halting the S&P 500's nine-day rally amid hawkish Fed signals and renewed Middle East tensions. South Korean authorities convened an emergency meeting, pledging "immediate measures" against market volatility and warning of record-high stock margin debt. The adjustment rippled across assets: Bitcoin fell to around $64,000, its lowest since February, while safe-haven gold rose 1% on bargain hunting. Oil prices dipped on Middle East ceasefire news. Market analysts noted the sell-off was driven by profit-taking after massive gains, particularly in chip stocks like Samsung and SK Hynix, which now dominate the KOSPI. Wall Street banks are divided on Korea's outlook, with Goldman Sachs raising its target while Citigroup and others warn of overvaluation and a potential bubble. Bridgewater's Ray Dalio noted that great technological shifts often create bubbles. Meanwhile, Fed officials' hints at potential future rate hikes added to the cautious mood ahead of key U.S. jobs data.

华尔街日报Hace 53 min(s)

AI Trading Cools, South Korean Stocks Plunge 1.8%, Spot Gold Rises 1%, Bitcoin Dives

华尔街日报Hace 53 min(s)

Seeking Alpha's Hot Article: Why Might the U.S. Stock Market Crash in June?

In a recent Seeking Alpha article, financial professor and analyst Damir Tokic argues that the US stock market may be poised for a significant crash in June 2026. The core thesis centers on a "mega-bubble" in equities, particularly within the technology sector, which has driven the S&P 500 to near-record valuations, with a Shiller P/E ratio exceeding 40—a level comparable to the 2000 dot-com bubble. Tokic identifies two primary catalysts for a potential collapse. First, he points to unsustainable market exuberance fueled by what he terms the "Trump Stimulus"—massive AI capital expenditure by tech giants, which he believes is politically driven and cannot last. Second, and more urgently, he highlights the escalating Iran war as a critical threat. The ongoing closure of the Strait of Hormuz has created a severe global energy supply crunch. Strategic petroleum reserves are projected to hit critically low operational levels by June, potentially causing oil prices to spike above $200 per barrel and triggering a severe, supply-driven inflationary shock. This scenario, Tokic warns, would force the Federal Reserve's hand. Despite currently maintaining a dovish bias, the Fed would likely be compelled to officially pivot to a hawkish stance at its June FOMC meeting to combat soaring inflation and bond yields. He contends that such a shift—or even a failure to act, which would destroy Fed credibility—could be the trigger that punctures the market bubble. The resulting downturn, he concludes, could rival the bear markets of 2000 and 2008, advising investors to prepare for a major correction.

marsbitHace 1 hora(s)

Seeking Alpha's Hot Article: Why Might the U.S. Stock Market Crash in June?

marsbitHace 1 hora(s)

Trading

Spot
Futuros
活动图片