Clipper, a decentralized exchange, has reported a $450,000 hack stemming from a vulnerability in its withdrawal function. The platform refuted allegations of a private key leak, asserting that the exploit does not align with its security framework.
Details of the Exploit
The attack, which occurred on December 1, targeted two liquidity pools and impacted approximately 6% of Clipper’s total value locked (TVL). However, other pools on the platform remained unaffected, and the vulnerability was promptly addressed.
Clipper issued a statement on X clarifying the nature of the breach:
“There have been third-party claims suggesting a private key leak. We can confirm that this is not the case and is inconsistent with the design and security architecture of Clipper.”
Vulnerable Function Disabled
The exploited function allowed users to withdraw funds using a single token, combining swaps with deposit or withdrawal transactions. Following the incident, Clipper disabled this feature to prevent further misuse.
Chaofan Shou, co-founder of the security firm Fuzzland, had previously suggested the hack might have exploited an API vulnerability. According to Shou, attackers manipulated the system to deposit tokens, gain pool shares, and withdraw those shares for a higher token value.
Despite this claim, Clipper emphasized the integrity of its security measures.
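The pattern Shou describes (deposit, receive pool shares, redeem them for more value) can be watched for with a round-trip check on pool events. The Python sketch below is an added example, not Clipper's or Fuzzland's code; the event layout, thresholds and sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events, not Clipper data:
# (block, address, pool, kind, shares, value_usd)
SAMPLE_EVENTS = [
    (100, "0xaaa", "pool-1", "deposit", 1000.0, 1000.0),
    (5000, "0xaaa", "pool-1", "withdraw", 1000.0, 1004.0),  # slow fee accrual
    (7000, "0xbbb", "pool-1", "deposit", 500.0, 500.0),
    (7001, "0xbbb", "pool-1", "withdraw", 500.0, 640.0),    # +28% one block later
    (7002, "0xccc", "pool-2", "deposit", 200.0, 200.0),
    (7003, "0xccc", "pool-2", "withdraw", 100.0, 99.7),     # partial exit at a loss
]


def flag_round_trips(events, max_blocks=10, tolerance=0.005):
    """Flag withdrawals that redeem shares for more value than they cost
    within max_blocks of the deposit that minted them."""
    # (address, pool) -> [shares held, cost basis in USD, last deposit block]
    positions = defaultdict(lambda: [0.0, 0.0, None])
    alerts = []
    for block, addr, pool, kind, shares, value in sorted(events):
        pos = positions[(addr, pool)]
        if kind == "deposit":
            pos[0] += shares
            pos[1] += value
            pos[2] = block
            continue
        # Withdrawal: cost basis of the burned shares, pro rata.
        if shares > pos[0] or pos[1] <= 0:
            # Shares with no tracked deposit (e.g. transferred in): report
            # separately instead of guessing a basis.
            alerts.append({"address": addr, "pool": pool, "block": block,
                           "reason": "no_matching_deposit", "gain": None})
            continue
        basis = pos[1] * shares / pos[0]
        pos[0] -= shares
        pos[1] -= basis
        gain = (value - basis) / basis
        if block - pos[2] <= max_blocks and gain > tolerance:
            alerts.append({"address": addr, "pool": pool, "block": block,
                           "reason": "round_trip_gain", "gain": gain})
    return alerts


if __name__ == "__main__":
    for alert in flag_round_trips(SAMPLE_EVENTS):
        print(alert)
```

On the constructed sample only the one-block round trip by 0xbbb is flagged; the slow fee accrual and the partial exit at a loss pass.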
Measures Taken Post-Attack
In response to the breach, Clipper paused swaps and deposits. Withdrawals were allowed but only under specific conditions, requiring a mix of all assets in the pool. The exchange is actively tracing the stolen funds and has extended an invitation to the attacker for communication.
Broader Trends in Crypto Hacks
The incident adds to the $1.48 billion in cryptocurrency thefts recorded up to November 2024, reflecting a 15% decline compared to the previous year, as per Immunefi’s report.
Notable Exchange Attacks in 2024
The Clipper hack is part of a broader trend of increasing vulnerabilities across centralized and decentralized exchanges in 2024. Significant incidents include:
- WazirX (India): $235 million breach in July.
- BingX (Singapore): $52 million hack in September.
- BtcTurk (Turkey): $55 million exploit in June.
- XT.com (Seychelles): Suspected $1.7 million hack, leading to withdrawal suspensions.
Additionally, U.S. prosecutors recently charged five individuals involved in an $11 million hacking scheme targeting individuals and businesses. Their operations included phishing attacks and wallet compromises, with one victim reportedly losing over $6.3 million.
Clipper’s Commitment to Security
Clipper remains focused on resolving the situation and strengthening its defenses. Updates will be provided as the investigation progresses.
The post Clipper DEX Says Withdrawal Vulnerability Led to $450K Hack, Denies Private Key Leak appeared first on Cryptonews.