SwapNet, an on-chain decentralized exchange (DEX) aggregator, has suffered a major smart contract exploit that drained nearly $16.8 million in crypto assets.
The incident highlights persistent security risks tied to token approvals and third-party routing contracts in decentralized finance (DeFi).
PeckShield reported that the attacker targeted SwapNet-linked activity accessible through Matcha Meta, a meta DEX aggregator built by the 0x team.
On the Base network, the attacker swapped approximately $10.5 million in USDC for around 3,655 ETH before bridging the funds to Ethereum, a common tactic used to complicate tracking and recovery efforts.
#PeckShieldAlert Matcha Meta has reported a security breach involving SwapNet. Users who opted out of "One-Time Approvals" are at risk.
So far, ~$16.8M worth of crypto has been drained.
On #Base, the attacker swapped ~10.5M $USDC for ~3,655 $ETH and has begun bridging funds to… https://t.co/QOyV4IU3P3 pic.twitter.com/6OOJd9cvyF
Matcha Meta said the exposure did not stem from its core infrastructure. Instead, the affected users were those who had opted out of 0x’s One-Time Approval system, a security feature designed to limit ongoing token permissions.
Users who disabled this option granted direct approvals to underlying aggregator contracts, including SwapNet’s router, which ultimately became the attack vector.
“We are aware of an incident with SwapNet that users may have been exposed to on Matcha Meta for those who turned off One-Time Approvals,” Matcha Meta said in a statement.
The platform confirmed it is coordinating with the SwapNet team, which has temporarily disabled the affected contracts while investigations continue.
As a precaution, Matcha Meta urged users to immediately revoke approvals to individual aggregators outside of 0x’s One-Time Approval framework.
The platform highlighted SwapNet’s router contract (0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e) as the most urgent approval to revoke. Failure to do so could leave wallets exposed even after the exploit has been contained.
As a precaution, we recommend revoking all approvals to individual aggregators outside of 0x's One-Time Approval contracts.
Most timely is SwapNet's router contract at 0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e https://t.co/NpwRWtVwzb
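To make the revocation advice above concrete, the following added example (not code from Matcha Meta, 0x or SwapNet) replays ERC-20 Approval event logs to find a wallet's still-open allowances to the router address named in the article and builds the `approve(spender, 0)` calldata that revokes them. The wallet and token addresses, the sample logs, and the helper names are constructed for illustration.

```python
# Added example. Router address is from the article; every other address and
# all log entries below are constructed for illustration.
ROUTER = "0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e"
# keccak256("Approval(address,address,uint256)"), the ERC-20 Approval event topic
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
APPROVE_SELECTOR = "095ea7b3"  # first 4 bytes of keccak256("approve(address,uint256)")

def topic_to_addr(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner, spender=ROUTER):
    """Replay Approval logs in chain order; return {token: amount} still non-zero."""
    owner, spender = owner.lower(), spender.lower()
    latest = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0] != APPROVAL_TOPIC:
            continue  # ERC-721 Approval shares the topic but has 4 topics
        if topic_to_addr(t[1]) == owner and topic_to_addr(t[2]) == spender:
            latest[log["address"].lower()] = int(log["data"], 16)
    # Logged amounts are an upper bound (transferFrom may have spent some);
    # confirm with the token's allowance(owner, spender) before acting.
    return {token: amt for token, amt in latest.items() if amt > 0}

def revoke_calldata(spender=ROUTER):
    """ABI-encode approve(spender, 0), sent to each token contract to revoke."""
    return "0x" + APPROVE_SELECTOR + spender[2:].lower().rjust(64, "0") + "0" * 64

def make_log(token, owner, spender, amount, block, index=0):
    """Build a constructed log in eth_getLogs shape (numbers as ints)."""
    pad = lambda a: "0x" + a[2:].lower().rjust(64, "0")
    return {"address": token, "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(amount, "064x"), "blockNumber": block, "logIndex": index}

OWNER, OTHER = "0x" + "11" * 20, "0x" + "22" * 20             # constructed wallets
TOKEN_A, TOKEN_B, TOKEN_C = ("0x" + c * 20 for c in ("aa", "bb", "cc"))  # constructed
SAMPLE_LOGS = [
    make_log(TOKEN_B, OWNER, ROUTER, 0, 105),             # later revoke of TOKEN_B
    make_log(TOKEN_A, OWNER, ROUTER, 2**256 - 1, 100),    # unlimited, never revoked
    make_log(TOKEN_B, OWNER, ROUTER, 500, 101),
    make_log(TOKEN_C, OWNER, OTHER, 1000, 102),           # different spender
    make_log(TOKEN_A, OTHER, ROUTER, 7, 103),             # different owner
]

if __name__ == "__main__":
    for token, amt in outstanding_approvals(SAMPLE_LOGS, OWNER).items():
        print(f"revoke on {token}: allowance {amt:#x}\n  calldata {revoke_calldata()}")
```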