Decentralized exchange (DEX) LeetSwap, a protocol native to Coinbase’s Base network, has halted its operations due to fears of a possible exploit. This follows reports that about 30 meme coins were recently rug-pulled on the Base network.
BALD, a meme token inspired by the Coinbase CEO, is the most notable of the rugged coins. According to on-chain data, the project’s developer removed 6,800 ETH ($12.5 million) from the liquidity pool on LeetSwap, causing an 85% nosedive in price.
Related Reading: Crypto World In Uproar: Is SBF The Puppet Master Of BALD?
LeetSwap Halts Trading To Investigate Potential Exploit
On Tuesday, August 1, LeetSwap announced a pause on its operations due to fears of a potential exploit. The protocol stated in a tweet that it noticed some of its liquidity pools may have been compromised and temporarily halted trading in order to investigate.
As our DEX is forked from Solidly, our factory had a security pause function.
We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.
— LeetSwap (@LeetSwap) August 1, 2023
In another tweet, Base-native LeetSwap has disclosed that it is working with on-chain security experts in an attempt to recover locked liquidity. The decentralized exchange also told its users they may remove unlocked liquidity from the pools.
Although information from LeetSwap has been limited, commentary from the crypto Twitter community and on-chain sleuths has provided some insight into how the exploit might have occurred.
Wintermute’s head of research Igor Igamberdiev claims that the DEX’s exploit was “easy,” with the attacker using an “exposed” smart contract function to drain WETH (wrapped Ether) from its liquidity pool. He added that about 342 ETH (worth $626,000) was stolen.
Additionally, the LeetSwap exploit has been confirmed by various blockchain security firms, including Certik, Peckshield, and Beosin. This latest attack may be a source of concern in the crypto space, especially after a horrid run of security issues in July.
$165 Million Lost To Crypto Hacks In July, PeckShield Reports
July saw a surge in crypto hacks, with DeFi protocols being the major targets of these attacks. According to a monthly security report by PeckShield, the crypto industry suffered over 48 major exploits in the last month, culminating in a $165.1 million loss.
Interestingly, this figure doesn’t include the Multichain exploit, which saw roughly $209 million drained from the cross-chain protocol.
Excluding the Multichain $209 million loss, the largest exploit was the Vyper reentrancy attack that primarily targeted Curve Finance pools. However, a group of other DeFi protocols were also affected, leading to a total loss of over 65 million.
This followed the $37 million hack suffered by the crypto payments platform CoinsPaid. The firm believes North Korean hacking organization Lazarus Group is responsible for this attack.
Other notable exploits include the $26 million lost by Poly Network in an access control hack and $23 million by AlphaPo in a similar attack.