Meme Coin Base DEX RocketSwap Hit by $866K Exploit

Price data by

RocketSwap, the second-largest decentralized exchange by trading volume on Base, was hacked for around $866,500 due to a private key compromise from their online servers.

The DEX led Base’s meme coin hype after its mainnet launch last week. Base is an Ethereum layer-2 solution incubated by Coinbase.

RocketSwap’s team detected a hack early Tuesday morning as it tweeted about an “anomaly” in its DeFi farms.

The team has detected an anomaly on the farm and we are investigating the problem.

— RocketSwap (@RocketSwap_Labs) August 14, 2023

RocketSwap’s farms are specialized pools that provide additional yield in the protocol’s native RCKT tokens for liquidity providers.

An hour later, the team confirmed the hack citing a “brute force hack of the server” where the team stored its private keys.

Hackers drained the farm of the project’s governance token RCKT and Wrapped Ethereum (WETH) and later converted RCKT tokens to approximately 471 ETH worth $866,500.

The team shut down the farm and revoked and “waived” the “minting rights” for new positions.

Blockchain security firm PeckShield confirmed that the exploiter bridged approximately 471 ETH from Base to Ethereum.

RocketSwap made a “call on hackers” to return stolen assets.

RocketSwap did not immediately respond to Decrypt’s request for comment.

RocketSwap Hacker launches meme coin

PeckShield also found that the address later used the funds to create a meme coin called LoveRCKT and supplied it with 400 ETH liquidity on Uniswap.

#PeckShieldAlert The @RocketSwap_Labs exploiter has grabbed ~471 $ETH and bridged them from #Base to #Ethereum, and then created the token $LoveRCKT, the exploiter already supplied 90T $LoveRCKT and 400 $ETH to #Uniswap https://t.co/z12YlLjbsn pic.twitter.com/Wxaph6lcuD

— PeckShieldAlert (@PeckShieldAlert) August 15, 2023

Meme coins are tokens inspired by internet memes or resonate among a community. The market’s largest meme coins by market capitalization are Dogecoin (DOGE) and Shiba Inu (SHIB).

The RocketSwap team explained in a post-mortem of the attack that the team “needed to use offline signatures when deploying the launchpad.”

The launchpad is a new feature of RocketSwap which helps new DeFi projects raise capital via an initial token sale.

RocketSwap team will “redeploy a new farm contract” by removing that vulnerability that allowed the hackers to steal funds from the farm. They will move ahead with the Launchpad plans as well.

Another DEX on Base, LeetSwap was exploited at the start of this month.

Meme Coin Base DEX RocketSwap Hit by $866K Exploit

The RocketSwap hackers then bridged the stolen amount back to Ethereum and created a meme coin with the loot.

Decrypt’s Art, Fashion, and Entertainment Hub.

RocketSwap Hacker launches meme coin

Stay on top of crypto news, get daily updates in your inbox.

Coin Prices

Your Web3 Gaming Power-Up

Decrypt’s Art, Fashion, and Entertainment Hub.

RocketSwap Hacker launches meme coin

Stay on top of crypto news, get daily updates in your inbox.