Decentralized change (DEX) aggregator Matcha Meta suffered a safety breach on Sunday by way of one among its main liquidity suppliers, SwapNet, within the newest cyberattack tied to exploiting smart-contract vulnerabilities.
Matcha Meta disclosed the breach in a submit on X on Sunday, warning that customers who had beforehand granted token approvals to SwapNet’s router contract could also be in danger. The protocol urged customers to right away revoke all approvals granted to SwapNet’s router contract to stop additional losses.
Estimates of the stolen funds fluctuate. Blockchain safety firm CertiK stated about $13.3 million was taken, whereas PeckShield stated no less than $16.8 million was stolen on the Base community.
“To date, ~$16.8M value of crypto has been drained. On Base, the attacker swapped ~10.5M USDC for ~3,655 ETH and has begun bridging funds to Ethereum,” wrote PeckShield in a Monday X submit, urging customers to revoke all approvals associated to the protocol.
CertiK stated the exploit stemmed from an “arbitrary name in @0xswapnet contract that permit attacker to switch funds permitted to it.”
Matcha Meta stated the publicity was linked to SwapNet reasonably than its personal infrastructure. Cointelegraph has contacted Matcha Meta for touch upon the reason for the vulnerability and any plans to compensate affected customers or strengthen safeguards, however had not acquired a response by publication.
The incident comes two weeks after one other smart-contract exploit resulted in $26 million in losses from the offline computation protocol Truebit and a 99% crash for the Truebit (TRU) token, Cointelegraph reported on Jan. 8.
Associated: Bitcoin investor loses retirement fund in AI-fueled romance rip-off
Sensible contracts the most important goal for crypto hackers
Sensible-contract flaws have emerged because the main reason for crypto losses. Sensible-contract vulnerabilities accounted for 30.5% of all of the crypto exploits in 2025, with 56 cybersecurity incidents, in accordance with SlowMist’s year-end report.
Account compromises and hacked X accounts accounted for twenty-four% in second place.
Associated: Faux MetaMask 2FA safety checks lure customers into sharing restoration phrases
Safety researchers say advances in synthetic intelligence are additionally reshaping how vulnerabilities are recognized.
In December, commercially accessible generative AI brokers uncovered $4.6 million value of smart-contract exploits in current protocols, by way of Anthropic’s Claude Opus 4.5, Claude Sonnet 4.5 and OpenAI’s GPT-5.
Journal: Meet the onchain crypto detectives preventing crime higher than the cops