DEX aggregator Matcha Meta disclosed a security breach linked to its liquidity provider SwapNet following a smart-contract exploit.
The incident occurred on the Base blockchain and prompted Matcha Meta to urge users to revoke token approvals tied to SwapNet’s router contract.
Blockchain security firms estimated losses ranging from $13.3 million to as much as $16.8 million.
“So far, ~$16.8M worth of crypto has been drained,”
PeckShield said, adding that funds were swapped into Ether and bridged to Ethereum.
CertiK said the exploit stemmed from an arbitrary call vulnerability in the SwapNet contract that enabled unauthorised transfers.
Matcha Meta said the exposure was related to SwapNet rather than its own core infrastructure.
The breach followed another major smart-contract exploit earlier this month that wiped out $26 million from the Truebit protocol.
Smart-contract vulnerabilities accounted for more than 30% of all crypto exploit losses in 2025, according to industry data.
Security researchers said advances in artificial intelligence are increasingly being used to identify weaknesses in blockchain protocols.
At the time of reporting, Ethereum price was $2,917.40.