On January 26, 2026, SwapNet, a liquidity and swap router associated with Matcha Meta, was exploited for about $13.3 million, per PeckShield. The attack abused approvals that users had granted to SwapNet’s router contract, letting the attacker move funds out of approving wallets, and Matcha Meta’s post-mortem urged all users to immediately revoke any approvals to the router. The team initially saw a higher headline figure that included a separate Aperture Finance incident before confirming SwapNet’s own losses at $13.3 million. The episode was a renewed reminder of the systemic risk created by broad, long-lived token approvals in DeFi, and reinforced best practices around minimal approval grants, regular approval auditing through tools such as Revoke.cash, and rigorous review of router and aggregator contracts that hold delegated spending power.
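The approval auditing recommended above comes down to replaying ERC-20 `Approval` event logs and listing the grants to a given spender that were never revoked. The sketch below is an added example, not code from SwapNet, Matcha Meta or Revoke.cash; all addresses and sample logs are constructed placeholders (the page does not give the router address), and the function names are hypothetical.

```python
# ERC-20 event: Approval(address indexed owner, address indexed spender, uint256 value)
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
UNLIMITED_FLOOR = 2**255  # at or above this, treat the grant as effectively unlimited

# Constructed placeholder addresses; the page does not give real ones.
ROUTER, OTHER = "0x" + "aa" * 20, "0x" + "bb" * 20
ALICE, BOB = "0x" + "a1" * 20, "0x" + "b0" * 20
TOKEN_A, TOKEN_B = "0x" + "01" * 20, "0x" + "02" * 20

def _log(block, idx, token, owner, spender, value):
    """Build a constructed log in eth_getLogs shape (addresses left-padded to 32 bytes)."""
    pad = lambda a: "0x" + "00" * 12 + a[2:]
    return {"blockNumber": block, "logIndex": idx, "address": token,
            "topics": [APPROVAL_TOPIC, pad(owner), pad(spender)],
            "data": "0x" + format(value, "064x")}

SAMPLE_LOGS = [  # constructed, deliberately out of chain order
    _log(105, 0, TOKEN_A, BOB, ROUTER, 0),             # Bob revokes
    _log(100, 2, TOKEN_A, ALICE, ROUTER, 2**256 - 1),  # unlimited grant, never revoked
    _log(101, 0, TOKEN_A, BOB, ROUTER, 500),
    _log(102, 1, TOKEN_B, ALICE, ROUTER, 1000),        # finite grant
    _log(103, 0, TOKEN_A, ALICE, OTHER, 2**256 - 1),   # different spender, ignored
]

def outstanding_approvals(logs, spender):
    """Replay Approval logs in chain order; return {(owner, token): last approved value}."""
    live = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        # ERC-721 Approval shares this topic0 but has 4 topics; skip it.
        if len(topics) != 3 or topics[0].lower() != APPROVAL_TOPIC:
            continue
        if "0x" + topics[2][-40:].lower() != spender.lower():
            continue
        key = ("0x" + topics[1][-40:].lower(), log["address"].lower())
        value = int(log["data"], 16)
        if value == 0:
            live.pop(key, None)   # approve(spender, 0) is a revocation
        else:
            live[key] = value     # upper bound; confirm finite amounts with allowance()
    return live

def audit(logs, spender):
    """Return sorted (owner, token, 'unlimited' | 'finite') rows for live grants."""
    return sorted((o, t, "unlimited" if v >= UNLIMITED_FLOOR else "finite")
                  for (o, t), v in outstanding_approvals(logs, spender).items())

if __name__ == "__main__":
    for row in audit(SAMPLE_LOGS, ROUTER):
        print(*row)
```

Event replay only shows the last value passed to `approve`; a finite grant may have been partly spent since, so the on-chain `allowance()` value is the authoritative figure before deciding what to revoke.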