According to security firm PeckShield, RocketSwap, a leading decentralized (DEX) cryptocurrency exchange operating on the Base Layer 2 network, was the victim of a cyberattack that resulted in the theft of 471 ETH worth approximately $870,000. The incident sparked discussions about security vulnerabilities in the fast-growing decentralized finance (DeFi) sector. Here are the details…
Cryptocurrency hackers take action for RocketSwap
As reported by the platform team, the attack exploited a number of vulnerabilities in RocketSwap’s security infrastructure. DEX uses offline signatures during the launchpad process and private keys are stored on a server are among the reasons identified. This breach allowed the attacker to launch a brute-force attack on a cloud server, eventually extracting RocketSwap’s private keys and performing asset transfers from yield farming. Suspicions and accusations surfaced on social media in the wake of the attack pointed to the possibility of rug pull, a deceptive maneuver where creators drained the liquidity of a DeFi project. However, the RocketSwap team vehemently denied these claims. He claimed that a third-party hacker was responsible for the breach.
As a result of the team's investigation
We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server.
A brute force hack of the server was detected, and due to the proxy contract used for the farm…— RocketSwap (@RocketSwap_Labs) August 14, 2023
In response to the incident, the RocketSwap team issued an apology, explaining that using offline signatures and storing private keys on the server was a mistake. They acknowledged that the attack exploited these weaknesses and high-risk permissions in the proxy contract used for the farm contract. This breach highlighted the vulnerability of decentralized exchanges and DeFi platforms, particularly those built on emerging layer 2 networks like Base. This marks the second major security vulnerability in the Base network in a short time. cryptocoin.comAs we reported, just a few weeks ago, LeetSwap, another decentralized exchange, was hacked that resulted in a loss of $630,000.
#PeckShieldAlert The @RocketSwap_Labs exploiter has grabbed ~471 $ETH and bridged them from #Base to #Ethereum, and then created the token $LoveRCKT, the exploiter already supplied 90T $LoveRCKT and 400 $ETH to #Uniswap https://t.co/z12YlLjbsn pic.twitter.com/Wxaph6lcuD
— PeckShieldAlert (@PeckShieldAlert) August 15, 2023
New meme coin hits the market
Migrating from a developer-only mainnet to a public release, the Base network has attracted over $200 million in assets since its initial phase. Despite its growing popularity, recent security events underscore the importance of robust security measures in the fast-paced world of cryptocurrency and DeFi. The attacker took advantage of the stolen assets by unexpectedly creating a memecoin called LoveRCKT after the hack. The attacker moved the stolen funds from the Base Blockchain to Ethereum and provided liquidity for LoveRCKT on Uniswap. Despite its origin, traders eagerly participated in the LoveRCKT trading. This caused the price of the coin to surge from $0.00000001 to $0.00000003 before falling more than 90 percent.
In addition, RCKT fell from $ 1.88 to $ 0.6 after the attack. This event serves as a stark reminder of the challenges and risks associated with the decentralized financial ecosystem. It has sparked debate within the cryptocurrency community about how to improve the security posture of new DeFi platforms and exchanges operating on layer 2 networks.
