Emergency action plan shared by base project RocketSwap after $865K exploit

By: Mark Jessy

August 15, 2023 7:01 AM

On the 14th of August, an attack was made on the protocol that resulted in an estimated $865,000 loss, and RocketSwap Labs intends to contact the exploiter on-chain.

The RocketSwap Labs foundational project has announced its contingency plan to recover from the August 14 brute-force hack that stole $865,000, or 471 Ether (ETH).

On August 15th, the team announced→ their intentions to, among other things, open-source an updated version of their farm contract on the blockchain, give up minting rights (probably of RCKT), and demand the recovery of the stolen funds by hackers.

PeckShield, a blockchain security company, reports→ that on August 14, a hacker stole 471 ETH by bridging it from Base to Ethereum.

According to the report, the hacker made 90 trillion "LoveRCKT" tokens and sent them to Uniswap alongside 400 ether.

Initially reported→ by RocketSwap Labs at 11:06 UTC on August 14, additional information regarding the vulnerability was provided by PeckShield and another blockchain security firm, CertiK, a few hours later.

According to RocketSwap Labs, the server used by the exploited protocol was subjected to a brute force attack.

"There was a brute-force attack on the server, and the proxy contract utilized for the farm contract had many high-risk permissions that allowed the assets to be transferred. To stop any more destruction, we had to shut down the farm."

RocketSwap is a community-owned, decentralized Base exchange that is currently run by a decentralized autonomous organization (DAO).