Clipper DEX says recent $450K hack wasn’t caused by private key leak

Cointelegraph

Decentralized exchange (DEX) Clipper has clarified it was a vulnerability in its withdrawal function that caused the recent $450,000 hack of its protocol — rather than a private key leak as suggested by a “third-party.”

Clipper said in a Dec. 1 X post that the attacker exploited two liquidity pools on Dec. 1, taking around 6% of its total value locked. It added that no other pools were affected and that the exploit had ended.

“There have been third-party claims suggesting a private key leak,” Clipper wrote. “We can confirm that this is not the case and is inconsistent with the design and security architecture of Clipper.”

“The ability to withdraw in the form of just one token (a bundled swap + deposit/withdrawal transaction) is disabled, because that seems to have been the exploited feature,” it added.

Earlier, Chaofan Shou, co-founder of security firm Fuzzland, posted to X that Clipper was “hacked due to API vulnerability (like private key leak)” and added that the API likely had vulnerabilities that allowed an attacker to sign deposit and withdrawal requests and withdraw more funds than they were putting in.


Clipper said it is investigating the incident and promised to provide further updates. It has paused swaps and deposits on its protocol in the meantime. Withdrawals are open, but they “must be in the mix of all assets in the pool,” it added.


The project wrote that it’s also begun to trace the stolen funds in an attempt to recover them and asked the exploiter to contact the project if they’re “willing to speak.”

The hack adds to the over $1.48 billion worth of crypto that’s been stolen in 2024 to the end of November, a 15% decrease compared to the same period last year, according to a Nov. 28 Immunefi report.

Clipper’s creator, Shipyard Software Inc., did not immediately respond to a request for comment outside of normal business hours.

Shou was contacted for comment.

