A hacker stole 13.5 million dollars in cryptocurrency from users of the decentralized exchange meta aggregator Matcha Meta on January 25. The security breach targeted users who had interacted with the SwapNet aggregator and disabled one-time approval settings on their accounts.

The security incident began late in the afternoon on January 25 and was quickly identified by blockchain security firms as a significant breach of user funds. Matcha Meta, which is developed by 0x, officially confirmed the attack several hours later and traced the vulnerability back to an integrated exchange aggregator known as SwapNet.

Investigation into the exploit revealed that the core 0x protocol contracts, specifically the AllowanceHolder and Settler contracts, remained secure and were not the source of the leak. Instead, the attacker gained access through permissions granted to external aggregators. This distinction is critical as it narrows the scope of the incident to specific routing paths rather than the entire protocol architecture.

In response to the theft, the protocol team advised all users to immediately revoke any standing approvals given to individual aggregators outside of the standard 0x one-time approval system. This precaution is necessary because users who opted out of the one-time approval feature left their digital wallets vulnerable to persistent access by the compromised third-party routing contract.

As a meta aggregator, Matcha Meta functions as a comprehensive search engine for decentralized finance, scanning multiple exchange platforms to find the best prices for traders. While this model provides efficiency, it also introduces complexity because it relies on the security of multiple underlying protocols, as demonstrated by the failure within the SwapNet integration.

This exploit highlights an ongoing challenge within the decentralized finance industry regarding the safety of older smart contracts and third-party integrations. Security experts remain concerned about these types of vulnerabilities, as even a highly audited main protocol can be put at risk by a single weak link in its network of connected services.

Source: Hacker Steals Millions From Matcha Meta Users After Protocol Security Incident