Etherscan has flagged an address labeled “Rabby Swap Approval Exploiter” following a hack.
Rabby Wallet users were advised to revoke RabbySwap access via a tweet on Tuesday.
The suspected exploiter’s address held $146,500 in Ether
Most of the funds were transferred to Tornado Cash at press time.
Ethereum block explorer and analytics platform Etherscan flagged the address “0xb687550842a24D7FBC6Aad238fd7E0687eD59d55” in connection to an exploit on Rabby Wallet, an Ethereum Virtual Machine-compatible crypto wallet developed by DeBank.
The suspicious activity was noticed by Web3 security outfit Supremacy on Tuesday. Supremacy alerted the crypto community to a “suspected arbitrary transfer of user assets vulnerability” on the Rabby Swap Router contract.
Rabby Wallet tweeted confirmation of an exploit shortly after and advised used to revoke all existing RabbySwap approval across all compatible chains. RabbySwap Users can find instructions on how to revoke access here. Supremacy added that analysis is ongoing and might take a while since the Router does not leverage open-source code.
RabbySwap Exploiter Sends 114 Ether (ETH) To Tornado Cash
The Etherscan address tagged “Rabby Swap Approval Exploiter” held some 114 Ether (ETH) stolen from the Router contract at around 2:40 PM UTC. At today’s prices, the assets are worth over $140,000 with ETH trading at $1,290.
Data from the Ethereum block explorer shows that the address transferred 114 ETH to sanctioned crypto mixer Tornado Cash over several transactions. Transactions to the Ethereum-based mixing service started here.
The pattern is common with decentralized finance (DeFi) hackers who leverage the protocol to launder their illicit wealth, per reports.
Authorities from the U.S. Treasury Department backed their sanction of the Ethereum-based mixing protocol, accusing the platform of being a haven for cybercriminals and money laundering. The agency did however give conditions for lawful users to withdraw their digital assets from Tornado Cash.