RocketSwap Hack: $870K Stolen Due to Security Lapses

RocketSwap, a Base Layer 2-based decentralized exchange, has been compromised. According to security firm PeckShield, the perpetrator made off with 471 ETH ($870,000).

RocketSwap’s team claimed to have pinpointed the cause of the hack as a series of security lapses, such as the DEX’s use of offline signatures in the launchpad deployment and the decision to hold private keys on the server.

Some social media users have since accused the team of pulling a fast one, but the team maintains a third-party hacker is to blame.

The team asserted that the intruder executed a brute force attack on a cloud server utilized by the project, allowing them to extract RocketSwap’s private keys and then conduct asset transfers from its yield farm.

“We regret to inform you that the team had to deploy the launchpad using offline signatures and store the private keys on the server.

Due to the proxy contract used for the farm contract, numerous high-risk permissions led to the transfer of the farm’s assets,” the report stated.

This is the second significant security breach on the Base network in rapid succession, following a hack on another decentralized exchange, LeetSwap, on July 31 that resulted in the loss of $630,000.

The developer-only mainnet of the Base network was activated in July, initiating a phase restricted to developers before a wider public release.

Since the developer phase, over $200 million worth of Ethereum assets have been transmitted to the network.

Following yesterday’s RocketSwap incident, PeckShield observed that the hacker moved the stolen assets from the Base blockchain to the Ethereum blockchain and rapidly created a memecoin called LoveRCKT.

On Uniswap, this newly-minted token was coupled with 400 ETH of liquidity. Despite the hacker’s deployment, traders poured in.

The price of LoveRCKT tripled in a single day, from $0.00000001 to $0.00000003, before falling by more than 90%.