Clober, a decentralized market on Base, recently experienced an exploit where 133 ETH was withdrawn from one of its liquidity vaults. The team behind Clober took immediate action, offering a white hat a 20% fee in exchange for helping to recover the funds. The hacker used a burn function flaw to steal the funds, depositing a small amount from Binance before moving the funds to the Ethereum mainnet through a bridge. Despite the team’s efforts to resolve the issue, the hacker retained the funds.
In response to the exploit, Clober reassured its community that the protocol itself was unaffected, and all core functionalities continued to operate normally. The protocol reported no other features were impacted by the hack and did not advise users to take any additional steps to secure their funds. Clober’s Arbitrum version and other components, such as Clober Core and the Mitosis testnet, remained secure and operational despite the hack. Additionally, the Clober V2 vault, which contains over $17K, was not affected.
Clober, being an early-stage protocol with relatively low liquidity, suffered a blow to its liquidity vault, which is now nearly empty. The project had recently onboarded liquidity, and the hack occurred shortly after. The hacker exploited a flaw in the burn function of the protocol, allowing them to withdraw the funds successfully. This incident came just days after Clober had completed an audit of its smart contracts, indicating that vulnerabilities may still exist even after security reviews.
The hacker’s method of exploiting the protocol involved depositing a small amount from Binance, using a burn function flaw to withdraw the funds, and moving them through a bridge to Ethereum addresses. The team is working with Match Systems to potentially offer a white hat solution, where the hacker would receive a fee but return most of the liquidity. Despite efforts to resolve the issue and the offer of a white hat fee, the hacker retained the stolen funds.
Clober had recently launched its liquidity vault on Base, aiming to provide a targeted liquidity approach for decentralized exchange trades. The project emphasized its ability to generate high volumes by focusing on common price ranges for traders. The exploit happened just days after Clober had promoted its liquidity vault approach, which aimed to improve DEX activity and swaps. The project had boasted about its liquidity generating high trading volumes, only to have a significant portion of it stolen in the hack.
Overall, the Clober hack highlighted the importance of security audits and ongoing monitoring for DeFi projects, especially those in the early stages of development. Despite the exploit, Clober remains committed to its protocol and continuing to build its offerings securely. The incident serves as a reminder of the risks involved in decentralized finance and the need for constant vigilance to prevent similar attacks in the future.