A $450,000 hack on Clipper was likely from a withdrawal vulnerability, not a leak, the decentralized exchange has said.
Decentralized exchange (DEX) Clipper has clarified it was a vulnerability in its withdrawal function that caused the recent $450,000 hack of its protocol — rather than a private key leak as suggested by a “third-party.”
Clipper said in a Dec. 1 X post that the attacker exploited two liquidity pools on Dec. 1, which took around 6% of its total value locked. It added no other pools were affected and the exploit had ended.
“There have been third-party claims suggesting a private key leak,” Clipper wrote. “We can confirm that this is not the case and is inconsistent with the design and security architecture of Clipper.”
