{"id":93537,"date":"2026-01-26T10:53:30","date_gmt":"2026-01-26T07:53:30","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=93537"},"modified":"2026-01-26T10:55:22","modified_gmt":"2026-01-26T07:55:22","slug":"zachxbt-criticizes-circles-inaction-following-16-8-million-swapnet-hack","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/zachxbt-criticizes-circles-inaction-following-16-8-million-swapnet-hack\/","title":{"rendered":"ZachXBT Criticizes Circle&#8217;s Inaction Following $16.8 Million SwapNet Hack"},"content":{"rendered":"<p>On January 26th, unknown attackers targeted the liquidity provider SwapNet. The first to highlight this were developers of the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-a-decentralised-exchange-dex\">DEX<\/a> aggregator Matcha Meta.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">We are aware of an incident with SwapNet that users may have been exposed to on Matcha Meta for those who turned off One-Time Approvals<\/p>\n<p>We are in contact with the SwapNet team and they have temporarily disabled their contracts<\/p>\n<p>The team is actively investigating and will provide\u2026<\/p>\n<p>\u2014 Matcha Meta \ud83c\udf86 (@matchametaxyz) <a href=\"https:\/\/twitter.com\/matchametaxyz\/status\/2015542139791569260?ref_src=twsrc%5Etfw\">January 25, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Users of Matcha Meta who had disabled the one-time approval feature and manually granted permissions to SwapNet contracts were at risk.<\/p>\n<p>To prevent similar risks in the future, developers removed this feature.<\/p>\n<p>PeckShield specialists estimated the damage at $16.8 million. The perpetrator converted 10.5 million <a href=\"https:\/\/forklog.com\/en\/news\/what-is-the-usdc-stablecoin\">USDC<\/a> into 3,655 ETH on the <a href=\"https:\/\/forklog.com\/en\/news\/what-is-base-coinbases-l2\">Base<\/a> network and began transferring funds to Ethereum.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/PeckShieldAlert?src=hash&#038;ref_src=twsrc%5Etfw\">#PeckShieldAlert<\/a> Matcha Meta has reported a security breach involving SwapNet. Users who opted out of &#8220;One-Time Approvals&#8221; are at risk.<\/p>\n<p>So far, ~$16.8M worth of crypto has been drained.<\/p>\n<p>On <a href=\"https:\/\/twitter.com\/hashtag\/Base?src=hash&#038;ref_src=twsrc%5Etfw\">#Base<\/a>, the attacker swapped ~10.5M <a href=\"https:\/\/twitter.com\/search?q=%24USDC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$USDC<\/a> for ~3,655 <a href=\"https:\/\/twitter.com\/search?q=%24ETH&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$ETH<\/a> and has begun bridging funds to\u2026 <a href=\"https:\/\/t.co\/QOyV4IU3P3\">https:\/\/t.co\/QOyV4IU3P3<\/a> <a href=\"https:\/\/t.co\/6OOJd9cvyF\">pic.twitter.com\/6OOJd9cvyF<\/a><\/p>\n<p>\u2014 PeckShieldAlert (@PeckShieldAlert) <a href=\"https:\/\/twitter.com\/PeckShieldAlert\/status\/2015608261119217671?ref_src=twsrc%5Etfw\">January 26, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>CertiK analysts <a href=\"https:\/\/x.com\/CertiKAlert\/status\/2015538759173919219\">reported<\/a> a theft of $13.3 million in USDC. The affected project&#8217;s team has yet to comment on the incident.<\/p>\n<p>SwapNet is one of Matcha Meta&#8217;s leading routers for obtaining the best quotes or accessing deep <a href=\"https:\/\/forklog.com\/en\/news\/what-are-liquidity-pools-and-how-do-they-work\">liquidity pools<\/a>.<\/p>\n<p>On-chain detective ZachXBT noted Circle&#8217;s slow response. According to him, about 3 million coins remain at an address that could technically be frozen. However, the company took no action even 10 hours after the hack.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">History has shown that Circle is a bad actor.<\/p>\n<p>SwapNet contracts were exploited for $13M USDC on Base ~10 hours ago. <\/p>\n<p>3M USDC is still sitting freezable at<br \/>0x6cAad74121bF602e71386505A4687f310e0D833e<\/p>\n<p>Why should anyone continue building on <a href=\"https:\/\/twitter.com\/search?q=%24USDC&#038;src=ctag&#038;ref_src=twsrc%5Etfw\">$USDC<\/a> when you never take care of your\u2026 <a href=\"https:\/\/t.co\/fgP3EmS7Qr\">pic.twitter.com\/fgP3EmS7Qr<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/2015659175892885541?ref_src=twsrc%5Etfw\">January 26, 2026<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><em>&#8220;Why should anyone continue building on USDC when you, as a centralized issuer, never protect your users&#8217; interests?&#8221; the expert asked.<\/em><\/p>\n<\/blockquote>\n<p>The year 2026 has started poorly for the DeFi sector. In January, several decentralized projects were hacked:<\/p>\n<ul class=\"wp-block-list\">\n<li>The Ethereum verification protocol Truebit <a href=\"https:\/\/forklog.com\/en\/news\/truebit-token-plummets-after-26-million-hack\">lost<\/a> 8,535 ETH ($26.4 million) due to a smart contract attack;<\/li>\n<li>The first-level blockchain Saga <a href=\"https:\/\/forklog.com\/en\/news\/saga-blockchain-hacked-7-million-stolen-stablecoins-depegged\">lost<\/a> $7 million in USDC;<\/li>\n<li>Hackers <a href=\"https:\/\/forklog.com\/en\/news\/waltio-faces-extortion-following-data-breach-of-50000-clients\">stole<\/a> data from 50,000 accounts of the French crypto company Waltio and demanded a ransom.<\/li>\n<\/ul>\n<p>In 2025, the volume of stolen funds <a href=\"https:\/\/forklog.com\/en\/news\/losses-from-crypto-hacks-reached-3-4bn-in-2025\">reached $3.4 billion<\/a>, the highest since 2022. Three incidents, including the $1.46 billion Bybit hack, accounted for 69% of all losses.<\/p>\n<p>Mitchell Amador, CEO of the Web3 security platform Immunefi, <a href=\"https:\/\/forklog.com\/en\/news\/major-hacks-spell-doom-for-80-of-crypto-protocols-experts-say\">called<\/a> a major hack a &#8220;death sentence&#8221; for 80% of protocols.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On January 26th, unknown attackers targeted the liquidity provider SwapNet. The first to highlight this were developers of the DEX aggregator Matcha Meta.<\/p>\n","protected":false},"author":1,"featured_media":93538,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"ZachXBT criticizes Circle's inaction after $16.8M SwapNet hack.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1220,44,1093,787],"class_list":["post-93537","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-circle","tag-cybercrime","tag-defi","tag-dex"],"aioseo_notices":[],"amp_enabled":true,"views":"186","promo_type":"1","layout_type":"1","short_excerpt":"ZachXBT criticizes Circle's inaction after $16.8M SwapNet hack.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93537","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=93537"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93537\/revisions"}],"predecessor-version":[{"id":93539,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/93537\/revisions\/93539"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/93538"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=93537"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=93537"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=93537"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}