Matcha Meta Suffers $16.8M Breach Linked To SwapNet, Users Urged To Revoke Token Approvals

Real-time blockchain security monitoring service PeckShieldAlert has disclosed that the decentralized exchange (DEX) aggregator Matcha Meta was affected by a security incident connected to SwapNet, an external routing service integrated into its trading infrastructure. 

The alert indicated that users who had chosen to disable 0x’s “One-Time Approvals” feature were particularly exposed to risk as a result of the way token permissions were configured.

PeckShieldAlert reported that approximately $16.8 million worth of digital assets had been removed from affected wallets. On the Base network, the attacker converted roughly 10.5 million USDC into about 3,655 ETH and subsequently began transferring the funds toward the Ethereum mainnet through cross-chain bridging mechanisms, a step commonly used to complicate transaction tracing.

In response to the unfolding situation, users were advised to revoke all token approvals previously granted to individual aggregator contracts that operate outside of 0x’s One-Time Approval framework. The warning emphasized that lingering approvals could continue to allow unauthorized asset movements even after the immediate vulnerability had been addressed.

Matcha Meta also acknowledged the incident publicly. In a statement published on the social media platform X, the team confirmed that it was in direct communication with the SwapNet developers and that SwapNet’s contracts had been temporarily disabled as a precautionary measure. Matcha Meta added that an internal investigation was underway and that further updates would be shared as additional details became available.

The platform identified SwapNet’s router contract at address 0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e as the most critical approval for users to revoke. It cautioned that failing to remove this authorization could leave wallets vulnerable to further unauthorized transactions even after the exploit itself had been contained.

SwapNet is a DEX aggregator designed to optimize token swaps by routing trades across multiple on-chain liquidity venues, including automated market makers and professional market makers. Matcha Meta incorporates SwapNet as one of several underlying liquidity and routing options, directing certain trades through its infrastructure to source competitive swap rates.

Matcha Meta Enhances DeFi Trading With Multi-Chain Liquidity Aggregation, Gas Optimization, And MEV Protection

The DEX is designed to provide users with optimal pricing for decentralized finance (DeFi) transactions by leveraging both on-chain and off-chain liquidity sources. Using the 0x Swap API, the platform scans more than one hundred venues, including automated market makers and 0x’s proprietary request-for-quote system, to identify the best-executed prices. This method aims to improve price efficiency and reduce gas costs, offering a cost-effective alternative to trading directly on platforms such as Uniswap or SushiSwap.

The platform supports trading across nine blockchain networks, including Ethereum, BNB Smart Chain, Polygon, Avalanche, Optimism, Fantom, Celo, Arbitrum, and Base, enabling users to access liquidity across multiple ecosystems. 

Matcha Meta indexes over 4.7 million tokens from more than a hundred DEX liquidity sources, allowing it to aggregate liquidity and provide more competitive trade pricing. Gas fees are incorporated directly into trades to cover potential re-submission costs, removing the need for users to hold native tokens for transaction fees. 

Additionally, the platform integrates MEV protection through the 0x Swap APIs, helping users avoid slippage and front-running attacks. On Ethereum and Polygon, trades routed via Matcha Auto or manually through the RFQ system also benefit from safeguards against MEV exploits.

The post Matcha Meta Suffers $16.8M Breach Linked To SwapNet, Users Urged To Revoke Token Approvals appeared first on Metaverse Post.