Swapos

Amount Lost: $464,026.00
Funds Returned: $0.00
Category: Exchange (DEX)
Date: 2023-4-16

Quick Summary

Swapos DEX was exploited on the same day it launched, with 464,026 $USD worth of assets stolen. The exploit was possible due to a vulnerable 'swap' function that allowed anyone to perform malicious swaps and

fully drain the pool.

Details of the Exploit

Swapos is a DEX running on the Ethereum chain. The project offered decentralized trading with low fees. On the day Swapos V2 Contracts were deployed, a vulnerability was discovered in their 'swap' function which allowed an attacker to execute malicious swaps and fully drain all three pools, including SWP/WETH, USDC/WETH, USDC/WBTC. In total, 464,026 $USD worth of assets were stolen from these pools. Interestingly, the exploiter executed a transaction after a hack with a message reading "safe", suggesting they may be a whitehat hacker attempting to bring attention to this vulnerability rather than committing outright theft. Regardless of intent, funds are currently held within the attacker's contract.