Clipper: Attacked due to a vulnerability in the withdrawal function, not a private key leak as claimed by a 'third party.'

According to ChainCatcher, decentralized exchange (DEX) Clipper clarified that there was a vulnerability in its withdrawal function that led to its protocol being recently hacked, resulting in losses amounting to $450,000, rather than a private key leak as claimed by a 'third party.'

Clipper stated: "On December 1, the attacker utilized two liquidity pools, locking approximately 6% of the total value. There are third-party claims of a private key leak issue. We can confirm that this is not the case and is inconsistent with Clipper's design and security architecture. The ability to withdraw in a token form (bundled exchange + deposit/withdrawal transactions) has been disabled."

Previously, the co-founder of security firm Fuzzland posted on X that Clipper "was hacked due to an API vulnerability (such as a private key leak)," and added that the API may have vulnerabilities allowing attackers to sign deposit and withdrawal requests and steal more funds than they deposited.