- LeetSwap has halted trading after an exploit of its liquidity pairs left the exchange drained of $360k worth of ETH.
- The exchange has assured users that on-chain security experts were trying to recover the locked liquidity.
LeetSwap, the decentralized exchange, has halted trading activities after $360k worth of Ether (ETH) was drained from its liquidity provider (LP) pairs.
What is LeetSwap?
LeetSwap is a growing DEX and DeFi ecosystem built on the newest blockchains with a focus on maintaining a secure, quick, and user-friendly experience while introducing novel approaches and concepts to the space.
“As our DEX is forked from Solidly, our factory had a security pause function. We noticed that some pool liquidity might have been compromised, and we temporarily stopped the trading to investigate,” the exchange tweeted on Tuesday.
Although the exchange did not provide many details, some blockchain detectives have speculated on how the exploit likely occurred.
Igor Igamberdiev, the research director of algorithmic market maker Wintermute, believes the attacker used an exposed smart contract function to increase the price of a token, allowing them to drain $1,835 worth of wrapped Ether (ETH) from LeetSwap’s liquidity pools. He added that the potential exploit has seemingly netted the attacker 342.5 ETH, worth over $630,000.
Smart contract audit company Beosin Alert tweeted, with pictorial evidence, that the attack exploited the “_transferFeesSupportingTaxTokens” function in LeetSwap’s axlUSD/WETH pair contract before selling the tokens for profit.
LeetSwap Base Website Under Attack
Hours after the exploit, the LeetSwap website on Base, Coinbase’s Layer 2 blockchain, went down following a DDoS attack on its servers. The exchange explained that the attack happened despite the servers being proxied and cached behind Cloudflare, the global cloud services provider.
LeetSwap has assured users that efforts were being made by on-chain security experts to recover the locked liquidity. However, it informed users who did not lock their liquidity that they were free to remove it from pools. In addition, tax tokens were required to “remove their taxes on swaps and transfers, max wallets, and max transaction limits for the exchange to salvage the liquidity” before midnight UTC.
LeetSwap has also offered the exploiter an agreement to keep 50 ETH if they return the rest of the stolen funds to the LeetSwap deployer wallet and keep their use of the Base bridges.
LeetSwap Liquidity Plummets After Attack
According to DeFiLlama data, LeetSwap had $41.2 million in deposits on Monday as meme coin mania exploded on Base.
Since the rug pull fraud involving BALD tokens, the DEX’s liquidity has plummeted. The popularity of BALD tokens, which expanded last month, was a mirage after the token’s deployer removed $25.6 million in liquidity.
Reports indicate that FTX and Alameda deposited funds into the BALD developer wallet over more than two years, which has led some to speculate that former FTX CEO Sam Bankman-Fried may have orchestrated the scam. The DEX currently contains deposits worth $7.17 million.