SwapNet Exploit Drains $17M, Exposes DeFi Approval Risks

TheNewsCrypto2026-01-26 tarihinde yayınlandı2026-01-26 tarihinde güncellendi

Özet

A significant security breach occurred at DEX aggregator SwapNet, resulting in a loss of approximately $16.8 million. The exploit was first identified by security firm PeckShield. The attacker swapped $10.5 million in USDC for Ether on Base network and bridged the funds to Ethereum. The vulnerability stemmed from users disabling the "One-Time Approval" feature designed to restrict token permissions. By doing so, they inadvertently granted direct and persistent approvals to underlying contracts, including SwapNet’s router, which the attacker exploited. Matcha Meta, the meta-DEX aggregator through which SwapNet was accessed, clarified that the issue did not originate from its core system but from this user configuration choice. SwapNet paused its contracts to mitigate further damage and investigate the incident. Users were urged to revoke approvals granted outside the One-Time Approval framework, especially for SwapNet’s router. The event underscores a critical DeFi trade-off: one-time approvals enhance security but add friction, while unlimited approvals improve usability but create persistent risk if a platform is compromised. This incident is part of a broader pattern of exploits targeting unverified code and standing approvals, highlighting ongoing risks in DeFi’s interconnected ecosystem. SwapNet has not yet released a technical post-mortem or confirmed user compensation.

A massive smart contract hack has been identified in the on-chain DEX aggregator SwapNet, which resulted in crypto assets to the tune of close to $16.8 million being siphoned off.

Peck Shield, a security company, first reported the attack, noting the suspicious action on the platform’s SwapNet integrations, which can be found through Matcha Meta, a meta-Dex aggregator platform that the 0x team designed. On the Base network, the hacker swapped $10.5 million in USDC tokens for approximately 3,655 Ether. The attacker then bridged the funds to the Ethereum network, which can be complicated to track and trace.

Matcha Meta explained, however, that the bug didn’t even emanate from its primary stack. The issue for users began with them disabling 0x’s own feature, called “One-Time Approval,” which is designed to restrict tokens’ permissions. In disabling this, users inadvertently allowed approvals directly, rather than restricting them, even for underlying aggregator contracts like SwapNet’s router, which is used by this attacker.

Matcha Meta recognized this publicly and stated that it had collaborated with the SwapNet team. SwapNet had paused the smart contracts to contain the damage and identify the exploit path for their investigation.

Approval settings under scrutiny

The platform urged users to immediately revoke approvals granted outside the One-Time Approval framework. It highlighted SwapNet’s router contract as a priority target for revocation. Without intervention, wallets would have remained exposed even after the exploit stopped.

This situation highlights an important trade-off inherent in DeFi applications. With One-Time Approvals, each transaction must be separately authorized. This, of course, helps with reduced permissions but also introduces friction. By contrast, Unlimited approvals facilitate smooth trading but grant contracts persistent access to funds. When attackers compromise a contract, those standing permissions become a direct risk.

SwapNet has not yet published a detailed technical post-mortem. The team also has not confirmed whether it will compensate affected users. That lack of clarity adds pressure on aggregator platforms to improve transparency and tighten integration standards.

Broader pattern of smart contract risks

The SwapNet exploit has not happened in a vacuum. In fact, on the same day, a different Ethereum exploit was spotted by Pashov, a security auditor, where about 37 WBTC, valued at over $3.1 million, was stolen. The exploit targeted a closed-source and unverified code deployed just weeks earlier. In fact, this code exposed the bytecode only, and it was difficult to evaluate it easily.

All of these attacks create a sense of a topological threat landscape on DeFi protocols, specifically around unverified codes, continuous token approvals, and complex routing layers connecting various protocols. Clearly, in spite of improved audits and better tools, threat actors continue to leverage design optimization and integration blind spots.

As DeFi grows more interconnected, developers must harden approval systems and reduce hidden trust assumptions. Meanwhile, users must actively manage permissions and understand the security implications of convenience features. The SwapNet exploit shows that small configuration choices can have multi-million-dollar consequences.

Highlighted Crypto News:

Japan Targets First Crypto ETFs Approval by 2028

İlgili Sorular

QWhat was the total amount of crypto assets drained in the SwapNet exploit?

AClose to $16.8 million (or $17 million) in crypto assets was drained.

QWhich security company first reported the SwapNet attack and on which platform's integrations was the suspicious action noted?

APeckShield first reported the attack, noting the suspicious action on the platform's SwapNet integrations, which can be found through Matcha Meta.

QWhat specific user action, related to a 0x feature, inadvertently allowed the vulnerability to be exploited?

AUsers disabling the 'One-Time Approval' feature, which is designed to restrict tokens' permissions, inadvertently allowed direct and persistent approvals.

QAccording to the article, what is the critical trade-off between 'One-Time Approvals' and 'Unlimited Approvals' in DeFi?

AOne-Time Approvals reduce permissions but introduce friction by requiring separate authorization for each transaction, while Unlimited Approvals facilitate smooth trading but grant contracts persistent access to funds, creating a direct risk if a contract is compromised.

QBesides the SwapNet incident, what other exploit was reported on the same day and what was the value of the assets stolen?

AA different Ethereum exploit was spotted by security auditor Pashov on the same day, where about 37 WBTC, valued at over $3.1 million, was stolen.

İlgili Okumalar

Deutsche Börse Drops $200M On Kraken In Push Toward Hybrid Crypto Markets

Deutsche Börse Group has invested $200 million in Kraken's parent company, Payward, acquiring a 1.5% fully diluted stake. This investment, part of a secondary transaction, aims to advance Deutsche Börse's digital asset strategy and provide institutional clients with regulated crypto services. The deal, expected to close in Q2 2026, deepens a partnership established in 2025. Separately, Kraken reported a security incident where a criminal group accessed limited client support data for about 2,000 accounts, though no funds were at risk. Meanwhile, Bitcoin and Ethereum saw significant price rallies, with Bitcoin climbing back to $75,600.

bitcoinist1 saat önce

Deutsche Börse Drops $200M On Kraken In Push Toward Hybrid Crypto Markets

bitcoinist1 saat önce

Zoomex Launches ZoomexStocks: Trade Global Equities With USDT + Limited-Time Fee Rebate Campaign

Zoomex has launched ZoomexStocks, a new feature enabling users to trade global equities using USDT without a traditional brokerage account. Initially offering 12 U.S. assets—including tech stocks like Apple and NVIDIA, indices, and crypto-related equities—the platform allows trading with as little as 5 USDT. It eliminates the need for fiat deposits or account switching, providing a unified experience for crypto users. Prices mirror real-market data, and trading is available 24/7. A limited-time campaign offers up to 100 USDT in fee rebates to new users. ZoomexStocks aims to simplify multi-asset portfolio management within a single platform.

TheNewsCrypto2 saat önce

Zoomex Launches ZoomexStocks: Trade Global Equities With USDT + Limited-Time Fee Rebate Campaign

TheNewsCrypto2 saat önce

ABA Challenges White House Report On Stablecoins, Flags Major Concerns

The American Bankers Association (ABA) is challenging a White House Council of Economic Advisers (CEA) report on stablecoins, arguing it misrepresents the core policy risks. The ABA contends the report focuses incorrectly on the minor near-term lending effects of prohibiting yield on payment stablecoins, which it deems a "rounding error." Instead, the ABA emphasizes the real concern is the potential consequence of allowing yield, which could accelerate deposit flight—especially from community banks—as the stablecoin market grows from $300 billion to a projected $1–$2 trillion. This migration could raise banks' funding costs and significantly reduce local lending, with state-level impacts potentially reaching billions of dollars. The association warns policymakers against complacency, urging them to address the risks of an expanding yield-paying stablecoin ecosystem.

bitcoinist2 saat önce

ABA Challenges White House Report On Stablecoins, Flags Major Concerns

bitcoinist2 saat önce

JPMorgan, Bank of America, and Citigroup: A Comprehensive Analysis of the 'Hidden Risks' Behind the Big Three's Earnings Reports

JPMorgan Chase, Bank of America, and Citigroup's latest earnings reports reveal underlying risks beyond headline revenue and profit figures. JPMorgan faces scrutiny over its alternative investment portfolio, particularly in private credit and private equity, amid rising interest rates. Its loan loss provisions will be closely watched as an indicator of economic health. Bank of America, while benefiting from interest-sensitive assets, grapples with operational complexity and efficiency challenges. Its heavy exposure to U.S. retail banking makes it vulnerable to shifts in consumer credit quality. Citigroup, still in a strategic restructuring, remains highly dependent on co-branded credit cards—a segment prone to higher risk during economic downturns. Key themes across all three include net interest margin trends, investment banking recovery signals, and capital management strategies. Together, their results offer critical insights into the late-cycle economy, credit conditions, and potential macroeconomic shifts. Investors are advised to distinguish between cyclical fluctuations and structural changes when assessing performance.

marsbit2 saat önce

JPMorgan, Bank of America, and Citigroup: A Comprehensive Analysis of the 'Hidden Risks' Behind the Big Three's Earnings Reports

marsbit2 saat önce

0G Labs Launches Consumer-Grade AI Development Platform Based on Decentralized Infrastructure

0G Labs has launched 0G App, a consumer AI development platform that enables users to build applications using natural language instructions without coding. It combines decentralized infrastructure, privacy-preserving Trusted Execution Environment (TEE) verification, and integrated token and AI agent deployment. The platform aims to bridge the gap between Web2 usability and Web3 infrastructure, allowing users to create, preview, and deploy applications entirely within a unified ecosystem. Key features include support for real-time iteration, hardware-secured AI inference (using Intel TDX and NVIDIA H100/H200), and the use of the GLM-5 74.4B parameter model. Additionally, 0G App includes a "Launcher Hub" for app, agent, and token deployment, with compute resources tied to the $0G token. Applications can be deployed to platforms like Vercel while storing data on 0G’s decentralized storage layer.

marsbit3 saat önce

0G Labs Launches Consumer-Grade AI Development Platform Based on Decentralized Infrastructure

marsbit3 saat önce

İşlemler

Spot

Futures