Decentralized exchange Clipper was exploited for approximately $450,000 after an attacker exploited two liquidity pools on the protocol’s Optimism and Base blockchains.
At 4 a.m. (UTC) on December 1, an attacker manipulated Clipper’s withdrawal function, exploiting its ability to process bulk swaps and withdrawals, Protocol wrote in its first post-incident report.
Funds lost from liquidity pools on Optimism and Base accounted for approximately 6% of the total value locked on the platform; This forced the platform to suspend exchanges and deposits on all chains and disable the ability to withdraw funds only in the form of a single token.
“Withdrawals are still possible as Clipper is unattended and will never stop you from withdrawing funds. However, any withdrawals must be in the mix of all assets in the pool,” Clipper Dex wrote.
Initial investigation by Chaofan Shou, co-founder of security firm Fuzzland, suggested that the exploit was caused by private key leakage, allowing the attacker to sign deposit and withdrawal requests to withdraw funds. However, Clipper refuted these claims, emphasizing that its security architecture was designed to prevent such vulnerabilities.
Meanwhile, Clipper assured his community that all remaining funds were safe and promised regular updates as he continued his investigation. The team is also tracking the stolen assets and has challenged the attacker to dialogue.
The Clipper attack comes just over a month after LayerZero-based Radiant Capital lost more than $50 million on October 18. Hackers managed to infect the systems of three of the protocol’s core developers, allowing them to exploit the lending protocol after gaining control of the protocol. private keys and smart contracts.
Recently, the Thala protocol lost $25.5 million after an upgrade to agricultural contracts created a security vulnerability.
Approximately $88.4 million was lost to crypto attacks in October, according to blockchain security firm PeckShield, bringing total on-chain losses to $181 million.
A recent report from Immunefi highlighted that attacks in November targeted DeFi more than centralized financial platforms, while total crypto losses from 2024 to November showed a 15% decrease compared to the same period last year.