$29 million stolen from from Step Finance treasury wallets
The Solana-based defi portfolio tracker Step Finance lost 261,854 SOL (~$28.7 million) when a thief gained access to treasury and fee wallets. It's not yet clear how the attacker was able to steal the funds, although Step Finance posted to Twitter that the theft occurred via a "well known attack vector". Step wrote that they were working with cybersecurity firms and law enforcement to address the incident.
Aperture Finance users lose at least $3.4 million
An attacker exploited a bug in an Aperture Finance smart contract to steal at least $3.4 million from users who had enabled "instant liquidity management" features. Aperture Finance is a defi platform that aims to allow users to trade by telling large language models their "intents".
Aperture has said they disabled portions of their web app impacted by the bug, and are working to try to trace and recover stolen funds.
$13.43 million stolen from Matcha Meta users in SwapNet exploit
Some users of Matcha Meta, a decentralized exchange aggregator on the Base blockchain, suffered losses after a thief exploited a vulnerability in its SwapNet integration. SwapNet is another DEX aggregator that integrates with Matcha Meta, and Matcha blamed a vulnerability in their smart contracts that enabled a thief to steal assets transferred via the integration.
Most of the lost funds came from a single user, who lost $13.34 million in assets. Other users lost a combined $90,000.
- "SwapNet Incident Post Mortem", Matcha Meta