New Hack in the Crypto World: Matcha Meta Suffers from SwapNet Breach Worth $16.8 Million

Not even a month into the new 2026 year has passed, and the crypto world has been shaken by yet another hacker attack. The company Matcha Meta, a popular aggregator of decentralized exchanges (DEX), has reported a security breach in its partner SwapNet. Users who opted out of the "One-Time Approvals" feature (one-time approvals) are at risk, as attackers exploited direct token permissions to steal funds.

According to PeckShieldAlert, cryptocurrencies worth approximately $16.8 million have been stolen so far. The attack occurred on the Base network, where the hacker exchanged about 10.5 million USDC for 3655 ETH, after which they began transferring funds to Ethereum. Transaction analysis shows that one victim's wallet lost over $13.3 million in USDC in a single operation, confirming the scale of the incident. Experts note that the root of the problem lies in the vulnerabilities of SwapNet's smart contracts, particularly in unlimited token approvals, which allow attackers to steal assets without additional confirmations.

Matcha Meta has already contacted the SwapNet team, which has temporarily disabled its contracts for investigation. Users are advised to immediately revoke all permissions for aggregators outside of the protected 0x contracts. Services like Revoke.cash have already published tools for checking and protecting wallets from this exploit.

This incident highlights the ongoing risks in the DeFi sector, where unlimited approvals often become a "live grenade" in users' wallets. According to industry sources, similar attacks lead to billions in losses annually, and only 1% of users regularly check their approvals.

For information on other hacker attacks and security tips, you can read on our website.