LeetSwap, a decentralized exchange operating on Coinbase’s Base network, has taken a proactive step in response to possible security threats. The platform recently announced the temporary suspension of trading to address apprehensions over a potential exploit. The LeetSwap team is diligently working to investigate and resolve the situation promptly.
As our DEX is forked from Solidly, our factory had a security pause function.
We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate.
— LeetSwap (@LeetSwap) August 1, 2023
Cautionary Measure Amid Liquidity Pool Concerns
In a tweet on Tuesday, LeetSwap revealed that they had detected potential issues with some of their liquidity pools. To ensure the safety and integrity of their platform, the team decided to temporarily halt trading and initiate a thorough investigation. This precautionary measure aims to prevent any further risks and safeguard the interests of their users.
Working Closely with On-Chain Security Experts
Acknowledging the gravity of the situation, LeetSwap is actively collaborating with on-chain security experts to handle the incident effectively. Their concerted efforts aim to recover any locked liquidity and restore normalcy to the platform. As the team delves deeper into the investigation, they remain committed to providing their users with a secure and resilient trading environment.
User Actions Encouraged
In response to the situation, LeetSwap advised its users to take appropriate actions to protect their assets. The exchange explicitly mentioned that those who had not locked their liquidity are free to remove it from the pools. This move empowers users to exercise caution and manage their holdings during this uncertain period.
Possible Method of Exploitation Analyzed
While the exchange has not disclosed the specific reasons for the trading suspension, various blockchain experts have offered insights into the potential method of exploitation. According to Igor Igamberdiev, the research head at algorithmic market maker Wintermute, the attacker may have taken advantage of an exposed smart contract function. This vulnerability allowed them to manipulate token prices, leading to the draining of wrapped Ether from LeetSwap’s liquidity pools.
— Igor Igamberdiev (@FrankResearcher) August 1, 2023
Significance of the Exploit
Igamberdiev further highlighted that the exploit seemed to have enabled the attacker to gain approximately 342.5 ETH, an amount valued at over $630,000. Such incidents underscore the importance of robust security measures and vigilance within the DeFi space.
Root Cause Identified by Blockchain Security Firm
Backing Igamberdiev’s observations, another blockchain security firm, PeckShield, shed light on the root cause of the exploit. The exposed “LeetSwapV2Pair::_transferFeesSupportingTaxTokens()” function was identified as the entry point for the attack. This function, scarcely forked from a secure source, became the focal point of the security breach.
Our analysis shows the root case is from the exposed LeetSwapV2Pair::_transferFeesSupportingTaxTokens() function, which is hardly forked from solidly. https://t.co/orupeZNt1B pic.twitter.com/MSYskyhMXU
— PeckShield Inc. (@peckshield) August 1, 2023
Emphasis on Strengthening Security Measures
The incident at LeetSwap serves as a wake-up call for the broader DeFi industry, highlighting the need for continuous improvement in security protocols. As decentralized finance continues to gain popularity, exchanges and platforms must remain steadfast in their commitment to fortify their systems against potential threats.
LeetSwap’s decision to temporarily suspend trading amidst potential exploit concerns demonstrates its dedication to safeguarding its user community. As the investigation unfolds and the platform collaborates with experts to address the situation, the broader DeFi ecosystem is reminded of the importance of constant vigilance and proactive security measures. The incident serves as a pivotal moment for the industry, driving home the criticality of fortifying DeFi platforms against emerging threats to ensure a safer and more resilient ecosystem for all users.