RocketSwap, the second-largest decentralized exchange by trading volume on Base, was hacked for around $866,500 due to a private key compromise from their online servers.
The DEX led Base’s meme coin hype after its mainnet launch last week. Base is an Ethereum layer-2 solution incubated by Coinbase.
RocketSwap’s team detected a hack early Tuesday morning as it tweeted about an “anomaly” in its DeFi farms.
The team has detected an anomaly on the farm and we are investigating the problem.
— RocketSwap (@RocketSwap_Labs) August 14, 2023
RocketSwap’s farms are specialized pools that provide additional yield in the protocol’s native RCKT tokens for liquidity providers.
An hour later, the team confirmed the hack citing a “brute force hack of the server” where the team stored its private keys.
Hackers drained the farm of the project’s governance token RCKT and Wrapped Ethereum (WETH) and later converted RCKT tokens to approximately 471 ETH worth $866,500.
The team shut down the farm and revoked and “waived” the “minting rights” for new positions.
Blockchain security firm PeckShield confirmed that the exploiter bridged approximately 471 ETH from Base to Ethereum.
RocketSwap made a “call on hackers” to return stolen assets.
RocketSwap did not immediately respond to Decrypt’s request for comment.
RocketSwap Hacker launches meme coin
PeckShield also found that the address later used the funds to create a meme coin called LoveRCKT and supplied it with 400 ETH liquidity on Uniswap.
Meme coins are tokens inspired by internet memes or resonate among a community. The market’s largest meme coins by market capitalization are Dogecoin (DOGE) and Shiba Inu (SHIB).
The RocketSwap team explained in a post-mortem of the attack that the team “needed to use offline signatures when deploying the launchpad.”
The launchpad is a new feature of RocketSwap which helps new DeFi projects raise capital via an initial token sale.
RocketSwap team will “redeploy a new farm contract” by removing that vulnerability that allowed the hackers to steal funds from the farm. They will move ahead with the Launchpad plans as well.
Another DEX on Base, LeetSwap was exploited at the start of this month.