Decentralized exchange (DEX) Clipper experienced a security incident at 4 am UTC on December 1, targeting its liquidity pools in Optimism and Base.
Chaofan Shou, co-founder of security company Fuzzland, initially attributed the exploit to a private key leak, which allowed the attacker to authorize deposit and withdrawal transactions. Clipper, however, has refuted this explanation, stating that its security model is specifically designed to protect against such problems.
The feat
According to the latest update On Clipper’s part, the attack resulted in the loss of approximately $450,000, representing around 6% of its total value locked (TVL). While the attacker attempted to exploit other chains, these attempts were unsuccessful, so neither they nor the groups were affected.
The exploit has since been mitigated and Clipper said it has taken immediate steps to safeguard user funds and investigate the breach. All cross-chain swaps and deposits have been temporarily suspended as a precautionary measure.
However, withdrawals remain fully functional, in line with Clipper’s non-custodial nature, which ensures users maintain control over their assets. It is important to note that withdrawals must currently include a combination of all assets in the pool, as the ability to withdraw a single token (identified as the exploited feature) has been disabled.
Addressing speculation about the nature of the incident, Clipper clarified that the exploit was not caused by a private key leak. The team behind DEX is actively collaborating with security experts to investigate the breach and thoroughly implement enhanced security measures.
“In addition to the investigation, a fund tracing effort has been initiated to attempt recovery. If you are the exploiter and are willing to talk, please reach out directly. Clipper is committed to transparency and will provide further updates to the community as more information becomes available.”
Hacks devastate DeFi
According to Immunefi’s November 2024 report, hacks were responsible for a staggering 99.96% of all crypto losses that month. Meanwhile, fraud and theft decreased significantly, accounting for just $25,300 in two incidents.
The decentralized finance (DeFi) sector was the hardest hit, suffering losses of $71 million, the second lowest monthly total of the year and a sharp drop from $343 million in November 2023.
Binance Free $600 (CryptoPotato Exclusive) – Use this link to register a new account and receive an exclusive welcome offer of $600 on Binance (full details).
LIMITED OFFER for CryptoPotato readers on Bybit: Use this link to register and open a FREE $500 position in any coin!
