Matcha Meta breach via SwapNet exploit drains up to $16.8M

News

Decentralized exchange aggregator Matcha Meta reported a security incident on Sunday linked to its primary liquidity provider, SwapNet, and urged users to revoke one-time approvals to SwapNet’s router after an exploit on the Base blockchain drained up to $16.8 million.

In an X post on Sunday, Matcha Meta cautioned that users who had disabled one-time token approvals may be at risk and advised all users to immediately revoke any approvals granted to the SwapNet router to limit further exposure to this security breach.

Loss estimates vary among blockchain security firms. CertiK assessed the theft at about $13.3 million, while PeckShield reported at least $16.8 million on Base. In a Monday X update, PeckShield said the attacker swapped roughly 10.5M USDC for about 3,655 ETH and has begun bridging funds to Ethereum, and it urged users to revoke all approvals related to the protocol.

CertiK attributed the breach to an arbitrary call in the @0xswapnet contract that allowed the attacker to transfer funds previously approved to it.

Matcha Meta said the exposure stemmed from SwapNet rather than its own infrastructure.

Source: Matcha Meta

The incident follows a separate smart-contract exploit two weeks earlier that resulted in $26 million in losses at the offline computation protocol Truebit on Jan. 8, alongside a 99% drop in the Truebit (TRU) token.

Smart contracts remain the primary target in crypto security incidents

Smart-contract vulnerabilities were the leading driver of crypto losses in 2025, accounting for 30.5% of all exploits across 56 cybersecurity incidents, according to SlowMist’s year-end report.

Account takeovers, including compromised and hacked X accounts, ranked second at 24%.

Distribution of causes for security incidents in 2025. Source: SlowMist

Security researchers say advances in artificial intelligence are reshaping how weaknesses are detected. In December, commercially available generative AI agents identified $4.6 million worth of smart-contract issues across existing protocols using Anthropic’s Claude Opus 4.5, Claude Sonnet 4.5 and OpenAI’s GPT-5.

Stay informed, read the latest news right now!

Disclaimer

The content on TrustsCrypto.com is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency markets are highly volatile, always do your own research before making decisions.

Some content may be assisted by AI and reviewed by our editorial team, but accuracy is not guaranteed. TrustsCrypto.com is not responsible for any losses resulting from the use of information provided.

admin

Finance Redefined: BlackRock Enters DeFi, ETF Flows Mixed

Finance Redefined: BlackRock Enters DeFi, ETF Flows Mixed

Bessent: Pass CLARITY Act Soon to Lift Crypto Sentiment

Bessent: Pass CLARITY Act Soon to Lift Crypto Sentiment

Crypto Today: Binance Break-In; CFTC Adds Execs; WLFI Plans FX

Crypto Today: Binance Break-In; CFTC Adds Execs; WLFI Plans FX

PGI Founder Ramil Palafox Gets 20 Years for $200M Bitcoin Ponzi

PGI Founder Ramil Palafox Gets 20 Years for $200M Bitcoin Ponzi

Aave Labs Seeks $50M to Route Product Revenue to Aave DAO

Aave Labs Seeks $50M to Route Product Revenue to Aave DAO

ETHZilla launches jet engine-backed token in tokenization pivot

ETHZilla launches jet engine-backed token in tokenization pivot

Leave a Reply

Your email address will not be published. Required fields are marked *