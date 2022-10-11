Rabby, the wallet developed by DeBank, tweeted that there is an exploit on Rabby Swap smart contract. If users have used it, please revoke all existing approvals on all chains for Rabby Swap. The team is actively working to solve it.

The exact scope of the exploit is unknown. However, some have stated that their wallets have been emptied. According to a Twitter thread, Rabby advised users to withdraw all existing approvals on all chains using the wallet provider’s settings.

There is an exploit on Rabby Swap smart contract. If you have used it, please revoke all existing approvals on all chains for Rabby Swap. For those who haven't used Swap, your wallet is safe and unaffected.We are actively working to solve it and we will keep you updated. — Rabby Wallet (@Rabby_io) October 11, 2022

The attack impacted assets on multiple chains. The attacker tumbled 114 ETH (~$146,000) through Tornado Cash shortly after the hack, along with 179 BNB (~$48,500). The full extent of the attack is still being measured. The buggy contract that enabled the attack had been audited by blockchain security firm PeckShield, but the vulnerability had apparently gone undetected.

#PeckShieldAlert The Rabby Wallet exploiter already transferred ~179 $BNB into Tornado Cash https://t.co/lTieBTPOzf pic.twitter.com/RpsxBzC1Yt — PeckShieldAlert (@PeckShieldAlert) October 11, 2022

The attack happened less than a month after Rabby Swap, a token exchange feature meant to maximize liquidity from many sources, was live on September 14.

PeckShield had previously audited the Rabby Router smart contract, which allows the exchange feature.