Trader Joe, a leading decentralized exchange (DEX), has been reportedly hacked. On Friday, November 17, the DEX reported via its account on X (formerly Twitter) that there was a vulnerability on its frontend interface. In the initial report, the DEX confirmed that its team was investigating the situation, advising users to refrain from trading or executing any transaction on the DEX.
🚨 Important Security Alert
We have been alerted to a possible vulnerability in our frontend interface. Our team is conducting an immediate and thorough investigation.
We strongly advise all users to refrain from trading and from executing any transactions on the Trader Joe…
— Trader Joe (@TraderJoe_xyz) November 17, 2023
A few hours later, the leading DEX noted that some users reported swaps on the frontend caused tokens to route to an unknown contract. Hence, the team took down the front end while attempting to resolve and secure the platform.
Trader Joe reported that the malicious contract setup launched at 18:34 GMT, impacting about 100 users. The exploit affected four chains: Avalanche, Arbitrum, BNB, and Ethereum. The DEX advised those impacted or those who suspect so to join the Trader Joe Discord and open a support ticket.
According to Trader Joe, the attack did not directly impact liquidity transactions, lending, or staking. However, it informed users that the frontend would stay down until it resolved the issue.
Several hours later, Trader Joe provided a more detailed report following a preliminary analysis. According to the report, the project’s team identified a potential exploit in a third-party analytics plugin. The team provided a contract address and asked users who performed transactions on the DEX after 18:34 GMT to revoke access to the contract address.
Trader Joe updated its report, noting that the exploit affected all chains on the DEX. Hence, it provided further directions for users to follow in resolving the issue, depending on the chain they used.
The DEX advised users to follow three steps in resolving their issues, including entering their wallet addresses or connecting with their wallets, searching using the provided contract address, and revoking access if the contract address appears in a search.
Disclaimer: The information presented in this article is for informational and educational purposes only. The article does not constitute financial advice or advice of any kind. Coin Edition is not responsible for any losses incurred as a result of the utilization of content, products, or services mentioned. Readers are advised to exercise caution before taking any action related to the company.
Read the full article here