DeFi Exchange aggregator Dexible suffers exploit of $2 Million

Key Takeaways

• The hack affected 13 wallets on Arbitrum and five wallets on Ethereum.
• The wallet address linked with the Dexible hacker drained $1.5 million in TRU tokens from a wallet labeled as investment firm BlockTower’s 

On Friday, Decentralized exchange aggregator Dexible suffered an exploit of $2 million. According to Dexible’s official statement, the hacker exploited a weakness in the smart contract code, allowing him to drain funds from crypto wallets with funds that have been approved for spending.

Following receiving the tokens into their own smart contract, the hacker withdrew the coins through Tornado Cash into unknown BNB wallets, as per data on Arkham Intelligence, a blockchain intelligence firm. The hacker transferred the stolen TRU tokens to SushiSwap to trade for ether ETH, which they later sent to crypto mixer TornadoCash.

Dear Dexible community, we regret to inform you that in the early hours of February 17th, a hacker exploited a vulnerability in our newest smart contract. This allowed the hacker to steal funds from any wallet that had an unspent spend approval on the contract.

1/5

— Dexible (@DexibleApp) February 17, 2023

Reportedly, the hack impacted 17 traders, with investment firm BlockTower Capital suffering the largest loss.The wallet address linked with the Dexible hacker on Etherscan drained around $1.5 million in TRU tokens from a wallet labeled as BlockTower’s.

The hack affected 13 wallets on Arbitrum and five wallets on Ethereum, “17 traders were affected total, four on Mainnet, 13 on Arbitrum. Out of 36 on Arbitrum, only 13 were exploited. Out of 14 unique on Ethereum, four were exploited”, Dexible’s announcement reads.

The firm further added that a few whales” accounted for about 85% of the losses from the exploit. “There’s no excuse for an exploit, but these things happen,” the firm wrote on Twitter. Dexible has currently paused its contracts and has urged users to revoke token authorizations for them.

“We have paused these contracts while we get a full picture of the situation,” Michael Coon, who holds post of chief executive(CEO) of Dexible, posted on the firm’s Discord server.

Smart contract exploits are becoming increasingly common in the Web3 space. The latest Dexible exploits only highlight the vulnerabilities in smart contracts and the need to rectify them. Last year, Team Finance, a web3 infrastructure, suffered a smart contract exploit, resulting in the loss of assets worth $14.5 million.