Matcha Meta Hack Linked to SwapNet Drains $16.8 Million in Crypto

The attack was connected to a flaw in a smart contract that allowed an unknown party to move funds without permission.

In a post on X, Matcha Meta said users who had approved SwapNet’s router contract for token spending might be at risk. The team urged everyone to cancel or revoke those approvals immediately to prevent further losses.

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

Paper Hands vs Diamond Hands: Crypto Slang Explained (ANIMATED)

SUBSCRIBE

ON YOUTUBE

Different blockchain security firms gave varying estimates of the damage. CertiK said around $13.3 million was taken, while PeckShield reported at least $16.8 million in stolen assets on the Base network.

PeckShield wrote on X, “So far, around $16.8M worth of crypto has been drained. On Base, the attacker swapped around 10.5M USDC USDC $0.9992 for around 3,655 ETH and has begun bridging funds to Ethereum ETH $2,934.45 ".

CertiK explained that the issue came from an "arbitrary call in @0xswapnet contract that let the attacker transfer funds approved to it".

This flaw allowed the attacker to move any tokens that users had previously granted permission for.

Matcha Meta clarified that its own systems were not directly breached. The problem was caused by a vulnerability in SwapNet’s smart contract.

The platform said it would continue to share updates and recommended that users review their token permissions to stay protected.

Saga, a blockchain network, recently shut down operations on its SagaEVM mainnet after discovering an exploit. How did the incident happen? Read the full story.