RocketSwap, the second-largest decentralized exchange by trading volume on Base, was hacked for around $866,500 after private keys stored on its online servers were compromised.

The DEX led Base’s meme coin hype after its mainnet launch last week. Base is an Ethereum layer-2 solution incubated by Coinbase.

RocketSwap’s team detected a hack early Tuesday morning as it tweeted about an “anomaly” in its DeFi farms.

RocketSwap’s farms are specialized pools that provide additional yield in the protocol’s native RCKT tokens for liquidity providers.

An hour later, the team confirmed the hack, citing a “brute force hack of the server” where the team stored its private keys.

Hackers drained the farm of the project’s governance token RCKT and Wrapped Ethereum (WETH) and later converted RCKT tokens to approximately 471 ETH worth $866,500.


The team shut down the farm and revoked and “waived” the “minting rights” for new positions.

Blockchain security firm PeckShield confirmed that the exploiter bridged approximately 471 ETH from Base to Ethereum.

RocketSwap made a “call on hackers” to return stolen assets.

RocketSwap did not immediately respond to Decrypt’s request for comment.

RocketSwap hacker launches meme coin

PeckShield also found that the address later used the funds to create a meme coin called LoveRCKT and supplied it with 400 ETH liquidity on Uniswap.

Meme coins are tokens that are inspired by internet memes or that resonate with a community. The market’s largest meme coins by market capitalization are Dogecoin (DOGE) and Shiba Inu (SHIB).

The RocketSwap team explained in a post-mortem of the attack that the team “needed to use offline signatures when deploying the launchpad.”

The launchpad is a new feature of RocketSwap which helps new DeFi projects raise capital via an initial token sale.

The RocketSwap team will “redeploy a new farm contract,” removing the vulnerability that allowed the hackers to steal funds from the farm. It will move ahead with the launchpad plans as well.

Another DEX on Base, LeetSwap, was exploited at the start of this month.
