Clipper DEX

On December 1, 2024, Clipper, a decentralized exchange (DEX), experienced a $450,000 hack caused by a vulnerability in its withdrawal function. The attacker exploited two of Clipper’s liquidity pools, draining approximately 6% of the protocol’s total value locked. Contrary to third-party speculation, Clipper clarified that the breach was not due to a private key leak but stemmed from a flaw in the withdrawal mechanism that allowed single-token withdrawals. The exploit was contained to those two pools, with no impact on others. In response, Clipper paused swaps and deposits while restricting withdrawals to only mixed-pool assets. The team is currently tracing the stolen funds and conducting an investigation, urging the attacker to come forward for a potential resolution. This incident adds to the $1.48 billion in crypto stolen across 2024, underscoring the persistent security challenges facing DeFi protocols.