Decentralized exchange (DEX) Clipper experienced a security incident at 4 a.m. UTC on December 1, targeting its liquidity pools on Optimism and Base.
Chaofan Shou, co-founder of security firm Fuzzland, initially attributed the exploit to a private key leak, allowing the attacker to authorize deposit and withdrawal transactions. Clipper, however, refuted this explanation, saying its security model is specifically designed to guard against such problems.
The feat
According to Clipper’s latest update, the attack resulted in a loss of approximately $450,000, which represents approximately 6% of its total value locked (TVL). While the attacker attempted to exploit other chains, these attempts failed, leaving them and the pools intact.
The exploit has since been mitigated and Clipper assured that it took immediate action to protect user funds and investigate the breach. All cross-chain swaps and deposits have been temporarily suspended as a precautionary measure.
However, withdrawals remain fully functional, in line with Clipper’s non-custodial nature, which ensures users retain control of their assets. It is important to note that withdrawals must currently include a combination of all assets in the pool, as the ability to withdraw a single token – identified as the exploited feature – has been disabled.
Responding to speculation about the nature of the incident, Clipper clarified that the exploit was not caused by a private key leak. The team behind DEX is actively collaborating with security experts to investigate the breach and carefully implement enhanced protection measures.
“In addition to the investigation, efforts have been initiated to trace the funds in an attempt to recover them. If you are the exploiter and would like to speak, please contact us directly. Clipper is committed to transparency and will provide further updates to the community as more information becomes available.
DeFi Ravage Hacks
According to Immunefi’s November 2024 report, hacks were responsible for an incredible 99.96% of all crypto losses that month. At the same time, fraud and fraudulent thefts have decreased significantly, accounting for just $25,300 for two incidents.
The decentralized finance (DeFi) sector was hit the hardest, suffering $71 million in losses, the second lowest monthly total of the year and a sharp drop from $343 million in November 2023 .
Binance Free $600 (CryptoPotato Exclusive): Use this link to create a new account and receive an exclusive $600 welcome offer on Binance (all details).
LIMITED OFFER for CryptoPotato readers at Bybit: Use this link to sign up and open a FREE $500 position on any coin!
