Clipper: Attacked due to a vulnerability in the withdrawal function, rather than the "third-party" claim of private key leakage

ChainCatcher news, decentralized exchange (DEX) Clipper clarifies that there was a vulnerability in its withdrawal function, which led to a recent hack of its protocol, resulting in a loss of $450,000, rather than the "third party" claim of a private key leak.

Clipper stated: "On December 1, the attacker exploited two liquidity pools, locking approximately 6% of the total value. A third party claimed there was a private key leak issue. We can confirm that this is not the case and is inconsistent with Clipper's design and security architecture. The withdrawal function in the form of a token (bundled exchange + deposit/withdrawal transactions) has been disabled."

Previously, the co-founder of security company Fuzzland posted on X that Clipper was "hacked due to an API vulnerability (such as private key leakage)," adding that the API might have vulnerabilities that allowed attackers to sign deposit and withdrawal requests, stealing more funds than they deposited.