The decentralised exchange RocketSwap has been hacked with the scammer making 471 ETH or roughly $870,000, according to security firm PeckShield.
Built on Base, the Coinbase layer-2 network, the RocketSwap hack marks the second compromise of the blockchain less than a month since its mainnet has gone live.
The hack was caused by numerous different weaknesses of the DEX, according to RocketSwap. This included the use of offline signatures when it deployed the launchpad, these keys were then stored on the server.
“A brute force hack of the server was detected, and due to the proxy contract used for the farm contract, there were multiple high-risk permissions that led to the transfer of the farm’s assets. We shut down the farm to prevent further damage,” RocketSwap tweeted.
RocketSwap exploit
After the hacker brute forced into the DEX, PeckShield noted that the assets were quickly moved over to the Ethereum blockchain. The perpetrator then create a memecoin under the name LoveRCKT.
LoveRCKT was paired with 400 ETH of liquidity on the Uniswap DEX. Investors quickly flocked to the token and started buying the scam cryptocurrency. The newly minted token saw its price triple within 24 hours of launching. LoveRCKT climbed from $0.00000001 to $0.00000003, before plummeting and losing most of its value.
The exploiter then sold 2.5 trillion LoveRocket for 20.33 WETH, according to PeckShieldAlert.
Previous RocketSwap scams
Other security blunders from the exchange have been noted by community members. A user on X shared a deleted post from RocketSwap, where the team admitted to transferring $69,000 of the native RCKT token to a scammer.
There is now speculation from community members that these exploits are part of a rug pull scam from the RocketSwap team.
LeetSwap hacked on Base
RocketSwap was the second dApp exploited on the Base blockchain, the first was another DEX LeetSwap. The exchange lost $630,000 on 31 July.
“We noticed that some pool liquidity might have been compromised and we temporarily stopped the trading to investigate,” LeetSwap tweeted.
This tweet followed an alert from PeckShield that noted a report of an liquidity exploit. A community contributor reportedly said that a trading pair on the Base network was hacked for 340 ETH.
Leetswap was initially Base’ leading DEX, but it has since fallen from this status. As of 16 August, it has seen a 24% fall of total value locked over the past seven days.
Leetswap experienced more controversy when the price of Bald, a popular memecoin, crashed. The developer pulled 6,800 ETH from the LeetSwap liquidity pool.
Now Leetswap is ranked 29 out of 51 products by TVL on the Base network, according to DeFiLlama.
Base’ mainnet launch
Base has only recently been launched by the exchange giant Coinbase. Its developer-only mainnet went live in July, while it was opened to the public on 9 August.
Since the mainnet was opened to developers, the amount of total value locked has surged. It climbed from $22,000 on 27 July to $165million as of 16 August.