Decentralized exchange (DEX) LeetSwap, operating on Coinbase’s Base network, has temporarily halted trading due to concerns over a potential exploit.
According to an Aug. 1 tweet from LeetSwap, the exchange detected suspicious activity in some of its liquidity pools and decided to pause trading immediately to conduct an investigation. The DEX is currently collaborating with renowned on-chain security experts to recover the locked liquidity.
As our DEX is forked from Solidly, our factory had a security pause function. We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.
— LeetSwap (@LeetSwap) August 1, 2023
While LeetSwap did not share specific details, blockchain analysts have shed some light on how the exploit might have occurred.
According to Igor Igamberdiev, the head of research at algorithmic market maker Wintermute, the attacker likely utilized an exposed smart contract function to manipulate the price of a token. This manipulation would have enabled them to drain Wrapped Ethereum (WETH) from LeetSwap’s liquidity pools.
It was easy:
– swap a bit of WETH for X tokens (should have fees)
– call _transferFeesSupportingTaxTokens(address, uint256) to move token to a Fees contract
– call sync()
– swap X tokens for all WETH from the pool
Don’t think that this function should be public
GG WP
— Igor Igamberdiev (@FrankResearcher) August 1, 2023
The exploit reportedly let the attacker steal approximately 342.5 ETH, equivalent to over $630,000.
Blockchain security firms, including PeckShield, BlockSec, and CertiK, have confirmed Igamberdiev’s theory and the extent of the exploited funds in separate statements on social media.
Our analysis shows the root cause is from the exposed LeetSwapV2Pair::_transferFeesSupportingTaxTokens() function, which is hardly forked from solidly. https://t.co/orupeZNt1B
— PeckShield Inc. (@peckshield) August 1, 2023
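Why the visibility of that one function matters, shown as a toy Python model added here (not code from LeetSwap, Solidly or the analysts quoted): a constant-product pair prices swaps from its cached reserves, so a helper that lets any caller move the pair's token balance, followed by sync(), resets the price. The Pair class, the constructed pool sizes, the fee-free pricing and the caller argument are assumptions for illustration.

```python
# Toy constant-product pair with constructed numbers and no swap fee.
# It models only the accounting; it is not LeetSwap's contract code.
class Pair:
    def __init__(self, weth, x, fee_helper_public):
        self.balance = {"WETH": weth, "X": x}   # tokens the pair actually holds
        self.reserve = dict(self.balance)       # cached reserves used for pricing
        self.fee_helper_public = fee_helper_public

    def swap(self, token_in, amount_in):
        token_out = "X" if token_in == "WETH" else "WETH"
        r_in, r_out = self.reserve[token_in], self.reserve[token_out]
        amount_out = r_out * amount_in / (r_in + amount_in)   # x * y = k
        self.balance[token_in] += amount_in
        self.balance[token_out] -= amount_out
        self.sync()
        return amount_out

    def transfer_fees(self, token, amount, caller):
        # Stand-in for _transferFeesSupportingTaxTokens(address, uint256).
        if not self.fee_helper_public and caller != "pair":
            raise PermissionError("fee helper is internal to the pair")
        self.balance[token] -= amount           # tokens leave for the Fees contract

    def sync(self):
        self.reserve = dict(self.balance)       # reserves follow balances


def weth_left_in_pool(fee_helper_public):
    """Replay the four steps from the thread; return the pool's WETH afterwards."""
    pair = Pair(weth=100.0, x=100_000.0, fee_helper_public=fee_helper_public)
    x_bought = pair.swap("WETH", 1.0)
    try:
        pair.transfer_fees("X", pair.balance["X"] - 1.0, caller="outsider")
        pair.sync()                             # X reserve collapses to about 1
    except PermissionError:
        pass                                    # guarded pair: reserves untouched
    pair.swap("X", x_bought)
    return pair.balance["WETH"]


if __name__ == "__main__":
    print("helper public:  ", round(weth_left_in_pool(True), 3), "WETH left")
    print("helper internal:", round(weth_left_in_pool(False), 3), "WETH left")
```

With the helper callable only by the pair itself, the same round trip returns the pool to its starting WETH balance, which is the property a regression test for a forked pair contract should assert.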
Approximately an hour and a half after the initial announcement, LeetSwap provided an update, assuring users that they are actively collaborating with security experts to find a viable solution to recover the locked liquidity.
“If you did not lock your liquidity, you are free to remove it from the pools,” the decentralized exchange added.
Double blow on LeetSwap
It has been a challenging day for Base’s leading DEX, LeetSwap, as this security concern comes on the heels of another setback. The popular meme coin, Bald, experienced a sharp drop in value after its developer withdrew a staggering 6,800 ETH (approximately $12.5 million) from the token’s liquidity pool on LeetSwap.
At the time of writing, LEET, the native token of DEX LeetSwap, is trading at $14.92, having lost 18.4% in price over the last 24 hours, CoinGecko data shows.
Coinbase’s Base network, which opened its mainnet for developers on July 13, aims to provide faster and more cost-effective cryptocurrency transactions while maintaining the robust security features of the Ethereum blockchain.