- RocketSwap, a decentralized exchange (DEX) built on the Base Layer 2 network, has been hacked.
- This was discovered by a security firm PeckShield which noted that the criminals stole 471 ETH ($870,000).
- RocketSwap has admitted to the attack and reported that they had shut down the farm to prevent further damage.
RocketSwap, a decentralized exchange (DEX) built on the Base Layer 2 network, has been hacked. Security firm PeckShield said the criminal stole 471 ETH ($870,000). In an audacious attack, the hacker carried out an intricate plan, transferring the stolen assets onto the Ethereum network and creating a memecoin.
The RocketSwap team said that the attack was caused by a series of lapses, including the DEX’s use of offline signatures in the launchpad deployment and the decision to store private keys on the server.
According to PeckShield’s alert to RocketSwap on X (Twitter), the post read;
“exploiter has grabbed ~471 $ETH and bridged them from #Base to #Ethereum, and then created the token $LoveRCKT, the exploiter already supplied 90T $LoveRCKT and 400 $ETH to #Uniswap”.
Following the incident, some social media users accused the team of rug-pulling; a tactic involving a scam where developers vanish after attracting a significant amount of funds, but the team maintains that a third-party hacker is to blame. But the team has refuted the claims, insisting a third-party hacker did the job by executing a brute force assault on a cloud server used by the project. The hacker then extracted RocketSwap’s private keys and then made asset transfers from its yield farm.
RocketSwap’s response
RocketSwap made the following post on x, after the attack;
“We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server. A brute force hack of the server was detected, and due to the proxy contract used for the farm contract, there were multiple high-risk permissions that led to the transfer of the farm’s assets. We shut down the farm to prevent further damage. The team is currently working on an emergency plan and the Telegram group has been banned for the time being. The loss of farm assets is only a concern, DEX is not affected in any way. We are very sorry for your loss”.
The statement read.
This is the second serious security breakdown on the Base network in rapid succession, following a compromise on another decentralized exchange, LeetSwap, which lost $630,000 on July 31.
The Base network’s developer-only mainnet went live in July, kicking off a period confined to developers before a larger public release. Over $200 million in assets have been moved from Ethereum to the network since the developer phase.
A busy day for LoveRCKT
Following the RocketSwap tragedy yesterday, PeckShield spotted that RocketSwap’s hacker migrated the stolen funds from the Base blockchain to Ethereum and swiftly developed a memecoin called LoveRCKT.
On Uniswap, this freshly produced coin was matched with 400 ETH of liquidity. Despite the hacker’s deployment, traders flocked in. The price of LoveRCKT quadrupled in one day, increasing from $0.00000001 to $0.00000003, then plummeting by more than 90%.
This event highlights the expanding issues confronting decentralized platforms, underlining the continued need for increased security and attention in the quickly developing Bitcoin ecosystem.
