Matcha Meta remove direct permission dem after $16.8M SwapNet exploit

Published: 2026-01-26 17:00:56 |

Matcha Meta don reveal say dem get SwapNet-related exploit wey allow attackers comot about $16.8 million by abusing an “arbitrary call” vulnerability for the SwapNet router contract. Security firms PeckShield and CertiK report say the attacker swap about $10.5M–$13.3M USDC on Base into about 3,655 ETH and bridge the proceeds go Ethereum. Matcha Meta talk say the exposure affect users wey disable One-Time Approval and set direct allowances on aggregator contracts; accounts wey dey use One-Time Approval no suffer. After dem consult 0x protocol developers, Matcha Meta confirm say the issue no involve 0x’s AllowanceHolder or Settler contracts and dem remove the option to set direct allowances to reduce future risk. The incident show say smart-contract risks still dey for aggregator integrations and cross-chain bridges. Traders suppose check and revoke persistent allowances, avoid direct aggregator approvals, monitor bridging flows, and make them dey careful with new aggregator features. The exploit join other recent DeFi losses — like Bybit, Makina Finance and SagaEVM breaches — and e dey add to security worries wey fit affect liquidity and risk premiums for DeFi markets.

Bearish

Di exploit fit likely bearish for di tokens an services wey dem involve because e dey raise perceived risk around aggregator integrations an cross‑chain operations. Short‑term effects: more selling pressure or less demand for aggregator‑related tokens an assets for di chains wey dey affected (specially ETH liquidity wey dem move via Base), gas go increase for bridging, an traders go do risk‑off moves—dem go revoke allowances an reduce exposure to aggregators. Market makers fit widen spreads an liquidity providers fit withdraw funds from risky pools, wey go increase slippage an costs. Long‑term effects: protocol‑level fixes (remove direct allowances) an beta auditing fit restore confidence, but if incidents repeat trust go dey erode an security risk premium go remain high. For ETH specifically, even though di hack involve swapping USDC to ETH an bridging, ETH big market liquidity an many use cases mean say e no likely make price fall long‑term just from this event; still, expect short‑term volatility an localised sell pressure. Overall, di news dey dampen sentiment for aggregator integrations an cross‑chain bridge activity, making market conditions more cautious until auditors an developers show durable fixes.