Clipper, a decentralized exchange (DEX), has revealed that a vulnerability in its withdrawal function led to the recent $450,000 hack.
The protocol clarified in a December 1 statement on X that, contrary to earlier claims by third parties, the exploit was not due to a private key leak but to a design flaw in its withdrawal process.
Hack Targets Two Liquidity Pools
The breach, which occurred on December 1, impacted two of Clipper’s liquidity pools, amounting to 6% of the exchange’s total value locked (TVL). Clipper assured users that no other pools were affected and that the exploit has been resolved.
“There have been third-party claims suggesting a private key leak,” Clipper stated. “We can confirm that this is not the case and is inconsistent with the design and security architecture of Clipper.”
The vulnerability was linked to the ability to withdraw funds in the form of a single token, described as a “bundled swap + deposit/withdrawal transaction.” This feature has since been disabled as a precautionary measure.
The incident came to light after Chaofan Shou, co-founder of the security firm Fuzzland, suggested on X that the hack could have resulted from an API vulnerability that enabled attackers to sign deposit and withdrawal requests fraudulently. Clipper dismissed these claims but acknowledged the need for a thorough investigation.
Protocol Takes Action Amid Rising Crypto Thefts
In the wake of the hack, Clipper has paused swaps and deposits while keeping withdrawals open, albeit with stricter conditions. Users can only withdraw funds in a mix of assets from the affected pools. The protocol is actively tracing the stolen funds and has extended an olive branch to the attacker, inviting them to initiate communication for potential negotiations.
This breach adds to the troubling tally of over $1.48 billion in crypto stolen globally in 2024, according to a recent Immunefi report. While this figure marks a 15% decline compared to the same period last year, it underscores the persistent vulnerabilities plaguing the DeFi sector.
Shipyard Software Inc., the creator of Clipper, has yet to issue further statements regarding the incident. For Clipper and its users, the hack serves as a stark reminder of the importance of robust security protocols in safeguarding decentralized platforms.
The post Clipper DEX Hack Exposes $450,000 Vulnerability, Team Rules Out Private Key Leak appeared first on TheCoinrise.com.