Clipper: Attacked due to a vulnerability in the withdrawal function, not due to private key leakage as claimed by a 'third party'

CoinVoice has recently learned that the decentralized exchange (DEX) Clipper clarified that there was a vulnerability in its withdrawal function, which led to the protocol being recently hacked, resulting in losses of $450,000, and not due to a private key leakage as claimed by a 'third party.'

Clipper stated: "On December 1, the attacker exploited two liquidity pools, locking approximately 6% of the total value. A third party claimed there was a private key leakage issue. We can confirm that this is not the case and is inconsistent with Clipper's design and security architecture. The function to withdraw in the form of a token (bundled exchange + deposit/withdrawal transactions) has been disabled."

Previously, the co-founder of security firm Fuzzland posted on X that Clipper "was hacked due to an API vulnerability (such as private key leakage)," adding that the API may have a flaw allowing attackers to sign deposit and withdrawal requests and steal more funds than they deposited. [Original link]