Clipper, a decentralized exchange (DEX), became the target of a cyberattack that led to a loss of approximately $450,000 from its protocol. While initially, rumors circulated that the Clipper cyberattack was caused by a private key leak, Clipper has since clarified that the breach was due to a vulnerability in its withdrawal functionality, not a private key leak.
The Clipper cyberattack, which occurred on December 1, 2024, exploited a weakness in Clipper’s withdrawal process on the Optimism and Base pools, accounting for around 6% of the exchange’s total value locked (TVL). The decentralized exchange clarified that the attacker attempted to target other chains, but these efforts were unsuccessful. Importantly, the exploit has now been contained, with the ongoing investigation aiming to track the stolen funds and possibly recover them.
Decoding the Clipper Cyberattack
Clipper immediately took action to address the data breach, pausing all swaps and deposits across its platform. However, withdrawals remained functional, although with restrictions. To prevent further exploitation of the vulnerability, Clipper disabled the ability to withdraw single assets, requiring users to withdraw a mix of all assets in the pool.
The decentralized exchange responded swiftly to the incident, reassuring the community that no other pools or chains were affected. In a statement, Clipper confirmed, “There have been third-party claims suggesting a private key leak; however, we can confirm that this is not the case and is inconsistent with the design and security architecture of Clipper.”
The statement emphasized that Clipper’s architecture remains secure. The root cause of the cyberattack was a vulnerability in the withdrawal feature, specifically a bundled swap-and-withdraw function. This allowed attackers to exploit the system and withdraw more funds than they had initially deposited.
The Clipper cyberattack involved the attacker using the API to sign transactions that allowed them to manipulate the system, gaining more tokens than initially put in. One of the transactions can be traced back to a suspicious call on the Clipper Exchange’s pool deposit and withdrawal functions, which ultimately facilitated the exploit.
Clipper’s Response and Ongoing Investigation
Following the cyberattack on Clipper DEX, the platform assured users that it was conducting a thorough investigation to understand the full extent of the exploit. Clipper also began efforts to trace the stolen funds in an attempt to recover them. While the investigation is ongoing, the exchange remains committed to transparency, pledging to provide updates to the community as more information becomes available.
The platform’s security measures were further outlined, noting that trading and deposits were halted across all chains to prevent further damage. However, Clipper emphasized that no current funds were at risk, and the vulnerability did not impact funds held by users in pools, as all funds were still secure in the system.
Clipper concluded its statement with a call to action: “If you are the exploiter and are willing to speak, please reach out directly.” This statement appears to be a last-ditch effort to communicate with the attacker, hoping for a peaceful resolution.
