Decentralized exchange Clipper announced a $450,000 hack on Dec. 1, attributing the loss to a withdrawal vulnerability rather than a private key breach. Two liquidity pools were affected, accounting for 6% of Clipper’s total value locked (TVL). Other pools were untouched, and the exploit has been stopped.
The flaw involved withdrawing funds in a single token through a bundled swap and deposit. Clipper has disabled this function to prevent further attacks.
Rejecting Private Key Leak Theories
Clipper refuted claims of a private key compromise, explaining that its security design rules out such issues.
However, security expert Chaofan Shou suggested an API vulnerability might have enabled the hacker to manipulate deposit and withdrawal transactions.
Recovery Efforts
Swaps and deposits have been suspended, but withdrawals remain active with conditions. Clipper is tracking the stolen funds and has invited the hacker to negotiate.