🚨 Cryptocurrency Alert: Over $34 million lost overnight
The market has just awakened, and hackers are already at work. In the past few hours, two major attacks have occurred, resulting in total user asset losses exceeding $33.8 million.
Here are the key points you need to know:
1️⃣ SwapNet & Matcha Meta (loss of approximately $16.8 million)
The SwapNet infrastructure protocol was attacked on the Base network. Hackers have exchanged approximately $10.5 million USDC for 3655 ETH and have begun cashing out through the Ethereum network.
⚠️ Matcha Meta users please note: The victims this time are primarily those users who have disabled the “One-Time Approvals” option. The Matcha team has temporarily removed the related restriction feature and is asking all users who previously disabled this option to turn it back on immediately.
2️⃣ Developer Smart Contract Vulnerability (loss exceeding $17 million)
Experts from BlockSec have discovered unusual transactions from two developer addresses across Ethereum, Arbitrum, Base, and BSC networks.
Hackers exploited an “arbitrary function call” vulnerability in non-open-source smart contracts. In short: Hackers took advantage of existing token approvals by executing the transferFrom command to directly siphon off assets.
📍 Hacker's receiving addresses:
• 0xbeef63AE5a2102506e8a352a5bB32aA8B30B3112 (approximately $3.67 million)
• 0x9cb8d9BaE84830b7f5F11ee5048c04a80b8514BA (approximately $13.41 million)
🛡 What should you do?
Immediately check your token approvals through Revoke.cash or similar tools, and revoke authorization for suspicious or long-unused protocols. If you use Matcha, make sure to enable One-Time Approvals. Stay alert: non-open-source contract code often harbors higher security risks.
Protect your assets! 🔒