Rabby Wallet exploit prompts users to revoke access

Quick Take

  • An exploited Rabby Swap smart contract caused some users to lose funds as wallets were drained.

  • The full extent of the exploit remains unknown, and users are highly recommended to use access revoking tools to ensure safety.




Ethereum wallet service Rabby has reported an exploit in its smart contract for its Rabby Swap feature.

The full extent of the exploit remains unknown. However, users have reported the draining of funds from wallets. Rabby recommended that users revoke all existing approvals on all chains using the wallet provider’s settings, according to a thread on Twitter.

"If you have used it, please revoke all existing approvals on all chains for Rabby Swap. For those who haven't used Swap, your wallet is safe and unaffected. We are actively working to solve it and we will keep you updated," the project's team said.

The exploit occurred less than a month after Rabby Swap, a token exchange feature designed to optimize liquidity from numerous sources, went live on Sept. 14. Blockchain security firm PeckShield had previously conducted an audit of the Rabby Router smart contract that enables the swap feature.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Rabby Wallet did not immediately respond to The Block’s request for comment. 

This is a developing story.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Jeremy Nation is a senior reporter at The Block covering the greater blockchain ecosystem. Prior to joining The Block, Jeremy worked as a product content specialist at Bullish and Block.one. He also served as a reporter for ETHNews. Follow him on Twitter @ETH_Nation.