mySwap Starknet Exploit Drains $305K via Fake EVIL Token

mySwap’s concentrated liquidity (CL) pools on Starknet were drained of about $305,000 after an attacker used a fake “EVIL” token to manipulate accounting tied to the CL pools and shared vault. The attack did not involve a private-key compromise or admin failure; it targeted live DeFi logic by abusing token interaction/accounting boundaries. The stolen balances reportedly include 137.96 ETH, 45,000 USDC, 19,900 USDT, and 230,000 STRK. The incident remains at the alert stage, with no confirmed recovery and no full postmortem published yet. For traders, the key takeaway is that CL/vault-based designs are sensitive to accounting integrity: even a token that should be “worthless” can become an exploit entry point if validation and accounting constraints are not strict. That calls for vigilance around Starknet DeFi liquidity providers (LPs), vault exposure, and contract upgrade/interaction risks.
Neutral
This is a targeted DeFi accounting exploit on mySwap’s Starknet CL pools rather than a systemic market event. The loss size (~$305k) is meaningful for the affected protocol but small compared with total crypto market liquidity, which typically limits broad spillover. Still, exploits of concentrated-liquidity and shared-vault systems often trigger short-term risk-off behavior among DeFi LPs and those monitoring vault solvency. Historically, incidents where “accounting/state validation” fails (e.g., vault math edge cases or misrouted execution paths) tend to cause temporary drawdowns in the affected protocol’s activity and reduce new deposits until a postmortem and mitigations are confirmed. That can spill into short-term sentiment for the chain’s DeFi sector (here, Starknet), especially around STRK/DeFi liquidity. Longer term, if mySwap publishes a credible postmortem and introduces stricter validation/permission boundaries, the market impact usually normalizes. Without confirmed recovery or additional technical details, the prudent expectation is choppy sentiment in Starknet DeFi rather than a sustained market-wide bearish trend.