DEX Clipper rejects private key claims after the breach

Decentralized exchange (DEX) Clipper experienced a security breach targeting its liquidity pools Optimism and Base on December 1st at 4:00 UTC.

Chaofan Xu, co-founder of security firm Fuzzland, said the attack was originally a private key leak by the exploiter to allow deposit and withdrawal transactions. Clipper, however, rejected this explanation, saying that its security model was designed to protect against such cases.

Exploitation

According to Clipper's latest update, the attack caused a loss of nearly $450,000, which represents 6 percent of its total value locked (TVL). Although the attacker tried to exploit other chains, these attempts failed, and they and the pools were not harmed.

After the exploit was mitigated, Clipper confirmed that it took immediate action to protect user funds and investigate the breach. As a precaution, all on-chain exchanges and deposits have been temporarily halted.

However, withdrawals remain fully functional, consistent with Clipper's custodial nature, which ensures users are in control of their assets. It should be noted that since the ability to withdraw a token – the so-called exploited feature – is disabled, withdrawals must include a mix of all assets currently in the pool.

Addressing speculation about the nature of the incident, Clipper clarified that the exploit was not caused by a private key leak. The team behind DEX is actively working with security experts to investigate the breach and implement improved defenses.

“In addition to the investigation, an effort has been launched to find funds to attempt recovery. If you were an abuser and are willing to speak up, please reach out directly. Clipper is committed to transparency and will provide additional updates to the community as more information becomes available.

Hacks Ravage DeFi

According to Immunefi's November 2024 report, hackers were responsible for a staggering 99.96% of crypto losses that month. Meanwhile, fraud and carpet dragging have dropped significantly, amounting to just $25,300 in two cases.

The decentralized finance (DFI) sector suffered a loss of $71 million – the lowest monthly total of the year and down sharply from $343 million in November 2023.