Decentralized exchange QuickSwap exploited for $220K, plans to close lending markets

Quick Take

  • QuickSwap DEX was exploited for $200,000.
  • The exploit used flash loans to attack a vulnerability with the Curve Oracle.

QuickSwap, a decentralized exchange on Polygon, was exploited for $220,000, according to the exchange.

The exploit took place on the Market XYZ lending market, which was the only platform compromised, according to QuickSwap. The attack had initially been linked to Qi DAO — which issues the miMatic stablecoin — by PeckShield. The security and analytics firm later attributed the attack to an exploit on QuickSwap.

The DEX later confirmed that $220,000 had been exploited using flash loans, and QuickSwap lend is now set to close. An update had been promised in the early hours of Monday, but users were left waiting around 12 hours for any clarity on the issue.  

"We are encouraging users with funds deposited in Market xyz's open markets on QuickSwap to withdraw them now, as we are in the process of closing them down," QuickSwap wrote on Twitter.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

"It is a price manipulation issue. The miMATIC market uses CurvePoolOracle for price feed, which is manipulated to borrow funds from the market," PeckShield wrote on Twitter.

It appears the exploit used price manipulation to borrow funds at an inflated price, based on PeckShield's analysis. The exploiter has since bridged the funds back to Ethereum, before depositing them on Tornado Cash — the mixing service that was subject to U.S. Treasury sanctions in August. 

No user funds were compromised according to QuickSwap, who did not immediately respond to a request for comment from The Block.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Adam Morgan is a reporter covering cryptocurrency, financial markets, and economics – anything from price movements, earnings reports, and inflation to the U.S. Federal Reserve interest rate decisions and everything in between. Adam is based in London.