Matcha Meta Suffers $16.8M Breach Linked To SwapNet, Users Urged To Revoke Token Approvals
In Brief
Matcha Meta experienced a $16.8 million DeFi security breach linked to SwapNet, with users advised to revoke risky token approvals to prevent further losses.
Real-time blockchain security monitoring service PeckShieldAlert has disclosed that the decentralized exchange (DEX) aggregator Matcha Meta was affected by a security incident connected to SwapNet, an external routing service integrated into its trading infrastructure.
The alert indicated that users who had chosen to disable 0x’s “One-Time Approvals” feature were particularly exposed to risk as a result of the way token permissions were configured.
PeckShieldAlert reported that approximately $16.8 million worth of digital assets had been removed from affected wallets. On the Base network, the attacker converted roughly 10.5 million USDC into about 3,655 ETH and subsequently began transferring the funds toward the Ethereum mainnet through cross-chain bridging mechanisms, a step commonly used to complicate transaction tracing.
In response to the unfolding situation, users were advised to revoke all token approvals previously granted to individual aggregator contracts that operate outside of 0x’s One-Time Approval framework. The warning emphasized that lingering approvals could continue to allow unauthorized asset movements even after the immediate vulnerability had been addressed.
Matcha Meta also acknowledged the incident publicly. In a statement published on the social media platform X, the team confirmed that it was in direct communication with the SwapNet developers and that SwapNet’s contracts had been temporarily disabled as a precautionary measure. Matcha Meta added that an internal investigation was underway and that further updates would be shared as additional details became available.
The platform identified SwapNet’s router contract at address 0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e as the most critical approval for users to revoke. It cautioned that failing to remove this authorization could leave wallets vulnerable to further unauthorized transactions even after the exploit itself had been contained.
SwapNet is a DEX aggregator designed to optimize token swaps by routing trades across multiple on-chain liquidity venues, including automated market makers and professional market makers. Matcha Meta incorporates SwapNet as one of several underlying liquidity and routing options, directing certain trades through its infrastructure to source competitive swap rates.
Matcha Meta Enhances DeFi Trading With Multi-Chain Liquidity Aggregation, Gas Optimization, And MEV Protection
The DEX is designed to provide users with optimal pricing for decentralized finance (DeFi) transactions by leveraging both on-chain and off-chain liquidity sources. Using the 0x Swap API, the platform scans more than one hundred venues, including automated market makers and 0x’s proprietary request-for-quote system, to identify the best-executed prices. This method aims to improve price efficiency and reduce gas costs, offering a cost-effective alternative to trading directly on platforms such as Uniswap or SushiSwap.
The platform supports trading across nine blockchain networks, including Ethereum, BNB Smart Chain, Polygon, Avalanche, Optimism, Fantom, Celo, Arbitrum, and Base, enabling users to access liquidity across multiple ecosystems.
Matcha Meta indexes over 4.7 million tokens from more than a hundred DEX liquidity sources, allowing it to aggregate liquidity and provide more competitive trade pricing. Gas fees are incorporated directly into trades to cover potential re-submission costs, removing the need for users to hold native tokens for transaction fees.
Additionally, the platform integrates MEV protection through the 0x Swap APIs, helping users avoid slippage and front-running attacks. On Ethereum and Polygon, trades routed via Matcha Auto or manually through the RFQ system also benefit from safeguards against MEV exploits.
Disclaimer
In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.
About The Author
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
More articles
Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.
