Hacker creates memecoin after stealing $870,000 from RocketSwap on Base

Crypto Ecosystems • August 16, 2023, 12:17AM EDT
Published 3 minutes earlier on
the block

Quick Take

  • RocketSwap, a decentralized exchange built on the Base Layer 2 network, was hacked — losing 471 ETH (valued at $870,000).
  • The hacker transferred the stolen assets to Ethereum and created a memecoin named LoveRCKT. 

RocketSwap, a decentralized exchange built on the Base Layer 2 network, has been hacked. The perpetrator made off with 471 ETH ($870,000), according to security firm PeckShield.

RocketSwap’s team claimed to have identified the cause of the hack as a series of lapses, including the DEX's use of offline signatures in the launchpad deployment and a decision to store private keys on the server.

In the aftermath, some social media users leveled accusations against the team, suggesting the possibility of a rug pull, but the team insists a third-party hacker is to blame. 

The team claimed the hacker executed a brute force assault on a cloud server used by the project, enabling them to extract RocketSwap's private keys and then made asset transfers from its yield farm.

"We are sorry to inform you that the team needed to use offline signatures when deploying the launchpad and put the private keys on the server. A brute force hack of the server was detected, and due to the proxy contract used for the farm contract, there were multiple high-risk permissions that led to the transfer of the farm's assets," it said.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

This latest hack marks the second significant security lapse on the Base network in quick succession, following a hack on another decentralized exchange, LeetSwap, which lost $630,000 on July 31.

The Base network’s developer-only mainnet was activated in July, initiating a phase restricted to developers and followed by a wider public release. Since the developer phase, over $200 million in assets has been transferred to the network from Ethereum.

Hacker's memecoin antics 

Following yesterday's RocketSwap incident, PeckShield noticed that RocketSwap’s hacker moved the stolen assets from the Base blockchain to Ethereum and quickly created a memecoin named LoveRCKT.

This newly minted token was then paired with 400 ETH of liquidity on Uniswap. Despite being deployed by the hacker, traders piled in. LoveRCKT’s price tripled in just one day, rising from $0.00000001 to $0.00000003, before dropping by more than 90%. 


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Ryan Weeks at
[email protected]

More by Vishal Chawla