Clipper Exchange Hit by $450,000 Hack Due to Withdrawal Function Vulnerability
- The Clipper hack was caused by a withdrawal function vulnerability, not a private key leak.
- The $450,000 hack exploited liquidity pools, affecting 6% of Clipper’s total value locked.
- Clipper has paused swaps and deposits, focusing on recovering stolen funds and investigating.
Clipper, a decentralized exchange (DEX), reported a $450,000 hack on December 1 caused by a withdrawal vulnerability. The attack targeted two liquidity pools, affecting 6% of the platform’s total value locked. Clipper stated that the exploit had ended and no other pools were affected.
The vulnerability involved the ability to withdraw using one token in a combined swap-and-withdrawal transaction. Clipper has now disabled this feature to prevent future exploitation.
Clipper Denies Private Key Leak Allegations
Clipper has rejected allegations of a private key leak causing the exploit. These claims surfaced after Chaofan Shou, co-founder of Fuzzland, made the accusation. Shou claimed an API vulnerability might have allowed unauthorized deposit and withdrawal approvals.
Clipper said that its security architecture prevents private key leaks. The exchange emphasized that the issue originated from the withdrawal function, not compromised keys.
Exchange Adjusts Operations
Clipper paused swaps and deposits to enhance security while the investigation continues. However, users can still withdraw funds if they withdraw proportional mixes of assets. Clipper reassured users that this action eliminates any further exploitation risks.
The team confirmed it is tracking the stolen funds and investigating recovery options. Clipper has invited the hacker to reach out for discussions about resolving the matter.
Crypto Hacks Highlight Ongoing Security Challenges
The Clipper hack contributes to the $1.48 billion stolen from crypto platforms in 2024. This figure marks a 15% decrease compared to the same period in 2023. Clipper said it remains committed to strengthening security and ensuring the protection of user funds.
Clipper continues to investigate the breach and promised to provide updates to affected users. Shipyard Software, the company behind Clipper, has not commented further on the incident. The exchange remains focused on improving its security measures and regaining user trust.