PANews reported on December 2 that, according to Cointelegraph, the decentralized exchange (DEX) Clipper confirmed that the recent $450,000 attack it suffered was caused by a vulnerability in the withdrawal function, rather than a private key leak as outside observers had previously speculated.

According to Clipper’s statement on the X platform on December 1, the attacker exploited vulnerabilities in two liquidity pools, accounting for about 6% of the total value locked (TVL). The vulnerability has since been fixed, and other liquidity pools are not affected. Clipper said that the attack involved a "single token withdrawal function" (bundled exchange and withdrawal transactions), which is now disabled. The Clipper team is conducting a full investigation and has suspended the protocol's exchange and deposit functions. Withdrawals are still available, provided that they are made as a combination of all assets in the pool.

According to an earlier analysis by Chaofan Shou, co-founder of the security company Fuzzland, the attack may have involved an API vulnerability that allowed attackers to sign forged deposit and withdrawal requests and thereby steal funds. Clipper explicitly denied that the incident was related to a private key leak and said that the assumption was inconsistent with its security architecture.

Clipper has now begun tracking the stolen funds and has asked the attackers to make contact in an effort to recover the assets.