Clipper, a decentralized exchange (DEX), recently faced a $450,000 hack, which they’ve clarified was caused by a problem in their withdrawal system—not a private key leak.
The attack happened on December 1st, targeting two of the platform’s liquidity pools, taking around 6% of the total value locked. Clipper confirmed that the other pools were untouched and that the exploit has since been stopped.
In a post on X, the team addressed the rumors, "There have been third-party claims suggesting a private key leak; however, we can confirm that this is not the case and is inconsistent with the design and security architecture of Clipper".
Did you know?
Want to get smarter & wealthier with crypto?
Subscribe - We publish new crypto explainer videos every week!
What is Web3? (Animated Explanation + Examples)
They also explained that the feature allowing withdrawals in just one token—a process that combines swap, deposit, and withdrawal actions—has been disabled, as that’s where the vulnerability seems to have been.
Before Clipper’s statement, Chaofan Shou, Fuzzland's co-founder, said the hack might have been due to an application programming interface (API) vulnerability. They posted on X:
It is likely the API contains certain vulnerabilities and signed incorrect deposit / withdraw requests.
He suggested that the API may have let the attacker sign off on deposit and withdrawal requests, allowing them to grab more funds than they contributed.
Clipper is digging deeper into the breach and promises to share updates as they figure things out.
While Clipper’s hack was caused by a withdrawal vulnerability, other recent breaches tell a different story. In one case, a private key leak misuse led to the creation of counterfeit tokens. How did it happen? Read the full story.
