(2023)

Clober

1000 BTC

Monetary Impact: $501,000
Month: December
Year: 2023
Type: Decentralized Exchange
Network: Base
Platform Status: Operational
Cause: Flaw in burn function

Incident Review

On December 10, 2024, Clober, a decentralized exchange (DEX) operating on the Base network, suffered a security breach that resulted in the loss of approximately 133.7 ETH (around $501,000) from its newly launched Liquidity Vault. According to Cryptopolitan, the exploit was detected at 09:00 UTC and was traced to a reentrancy vulnerability in the _burn function of the Rebalancer contract. The attacker utilized a malicious strategy contract (0x32…) along with a 267.4 ETH flash loan from Morpho Blue to drain the funds in a single transaction, as reported by CertiK.

The stolen assets were quickly bridged to Ethereum mainnet via the Across protocol and distributed across two wallets (0x83…, 0x4b…), per Etherscan data. Despite having a modest daily trading volume of $1.2 million, according to DeFiLlama, Clober offered a 20% white-hat bounty amounting to $100,000 in an attempt to recover the funds and collaborated with Match Systems in the aftermath. However, the hacker declined the bounty and retained the stolen ETH, according to a statement from Clober’s official Twitter account (@CloberDEX).

Importantly, the core Clober V2 vault, which held a total value locked (TVL) of $17,000, and the Arbitrum version of the protocol were not impacted by the attack, as confirmed by Messari. Notably, the compromised contract had undergone a recent audit by Kupia Security, but the vulnerability was introduced after the audit due to subsequent code changes—a pattern increasingly common in fast-paced DeFi development, as highlighted by Web3IsGoingGreat.

This exploit, reminiscent of dYdX’s $9 million incident, underscores the persistent risks associated with smart contracts in the DeFi space. Although Clober’s quick response and transparency helped to prevent widespread panic, the event serves as a cautionary tale. Even audited code is not immune to flaws, especially when post-audit updates are made hastily. In the volatile world of decentralized finance, maintaining user trust means balancing innovation with rigorous security diligence.
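The bug class named in the review (reentrancy through a burn path that calls out to a pool-supplied strategy) can be shown with a simplified Python model; this is an added illustration, not Clober's Rebalancer code. It assumes burn computes the payout, calls the strategy hook, and only then writes reserves back from a cached value; the names Vault, burn_hook, ReenteringStrategy and simulate and all amounts are constructed.

```python
class Vault:
    """One pool's accounting inside a contract that also holds other pools' tokens."""
    def __init__(self, hardened, other_pools_tokens):
        self.hardened, self.locked = hardened, False
        self.held = other_pools_tokens  # tokens actually in the contract
        self.reserves = 0               # this pool's accounted reserves
        self.supply, self.shares = 0, {}  # this pool's share supply and balances

    def mint(self, who, amount):
        self.held += amount
        self.reserves += amount
        self.supply += amount
        self.shares[who] = self.shares.get(who, 0) + amount

    def burn(self, who, amount, strategy):
        if self.hardened and self.locked:
            raise RuntimeError("burn re-entered")  # on-chain: revert
        if amount <= 0 or self.shares.get(who, 0) < amount:
            raise ValueError("bad burn amount")
        self.locked = True
        try:
            cached = self.reserves
            payout = cached * amount // self.supply
            self.shares[who] -= amount
            self.supply -= amount
            if self.hardened:
                self.reserves = cached - payout  # effects before interaction
                strategy.burn_hook(self, who)
            else:
                strategy.burn_hook(self, who)    # hook runs while reserves are stale
                self.reserves = cached - payout  # stale write-back
            self.held -= payout
            return payout
        finally:
            self.locked = False

class ReenteringStrategy:
    """Constructed strategy whose hook calls burn once more."""
    def __init__(self):
        self.extra, self.entered = 0, False
    def burn_hook(self, vault, who):
        if not self.entered:
            self.entered = True
            self.extra = vault.burn(who, vault.shares[who], self)

def simulate(hardened):
    vault, strategy = Vault(hardened, other_pools_tokens=1000), ReenteringStrategy()
    vault.mint("user", 100)
    paid = vault.burn("user", 50, strategy)
    return paid + strategy.extra, vault.held
```

In the unhardened run the user withdraws 150 against a 100 deposit and the contract's balance falls to 950, below the 1000 that belongs to other pools; in the hardened run the nested call is rejected.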

©2025, UEEx All Rights Reserved FINTRAC Registered