An On-Chain DEX Aggregator Just Lost $17 Million in Major Smart Contract Attack

On-chain decentralized exchange (DEX) aggregator, SwapNet, has suffered a major smart contract exploit that drained nearly $16.8 million in crypto assets.

The incident highlights persistent security risks tied to token approvals and third-party routing contracts in decentralized finance (DeFi).

On-Chain DEX Aggregator SwapNet Suffers $16.8 Million Exploit

PeckShield reported that the attacker targeted SwapNet-linked activity accessible through Matcha Meta, a meta DEX aggregator built by the 0x team.

On the Base network, the attacker swapped approximately $10.5 million in USDC for around 3,655 ETH before bridging the funds to Ethereum, a common tactic used to complicate tracking and recovery efforts.

Matcha Meta articulated that the exposure did not stem from its core infrastructure. Instead, the affected users were those who had opted out of 0x’s One-Time Approval system, a security feature designed to limit ongoing token permissions.

Users who disabled this option granted direct approvals to underlying aggregator contracts, including SwapNet’s router, which ultimately became the attack vector.

“We are aware of an incident with SwapNet that users may have been exposed to on Matcha Meta for those who turned off One-Time Approvals,” Matcha Meta said in a statement.

The platform confirmed it is coordinating with the SwapNet team, which has temporarily disabled the affected contracts while investigations continue.

As a precaution, Matcha Meta urged users to immediately revoke approvals to individual aggregators outside of 0x’s One-Time Approval framework.

The platform highlighted SwapNet’s router contract (0x616000e384Ef1C2B52f5f3A88D57a3B64F23757e) as the most urgent approval to revoke. Failure to do so could leave wallets exposed even after the exploit has been contained.

DeFi’s Security Trade-Offs: Convenience vs. Safety Amid Rising Smart Contract Exploits

The incident reflects a longstanding trade-off in DeFi between convenience and security. One-Time Approvals require users to approve each transaction individually, reducing persistent attack surfaces. However, it also adds friction for frequent traders.

Unlimited approvals, while faster, grant smart contracts enduring access to user funds. However, this arrangement becomes dangerous when those contracts are compromised.

SwapNet has not yet released a full technical post-mortem or indicated whether affected users will be compensated. This leaves open questions around accountability and recovery.

The lack of immediate clarity is likely to intensify scrutiny around approval practices and aggregator integrations across the DeFi ecosystem.

Another Ethereum Exploit Highlights Risks of Unverified, Closed-Source Contracts

The exploit comes amid a broader pattern of smart contract attacks and security incidents in the crypto market.

On the same day, security auditor Pashov flagged a separate Ethereum mainnet exploit involving roughly 37 WBTC, worth over $3.1 million.

This was linked to a closed-source, unverified contract deployed just 41 days earlier. The contract published only non-human-readable bytecode, preventing public review.

Together, the incidents highlight abundant fertile grounds for attackers in DeFi. These are:

• Unverified code
• Persistent approvals, and
• Complex routing layers.

Despite years of audits and security improvements, DeFi continues to grapple with structural vulnerabilities. This places the burden on developers and users to balance usability with risk management.