Multiple Base crypto projects lose more than $1M to malicious players in 24hrs Multiple Base crypto projects lose more than $1M to malicious players in 24hrs

Multiple Base crypto projects lose more than $1M to malicious players in 24hrs

Malicious players are increasingly targeting projects on Base for their illegal activities.

Multiple Base crypto projects lose more than $1M to malicious players in 24hrs

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Two crypto projects, RocketSwap and SwirlLend, on Coinbase-backed layer2 network Base have lost more than $1 million to malicious players in the last 24 hours.

SwirlLend rugpulls

SwirlLend rug pulled over $460,000 on two blockchain networks, including Base, earlier today, according to CertiK.

SwirlLend is a lending platform based on Linea and Base. Data from DeFillama shows that the total value of assets locked on the protocol plunged to less than $50 from a peak of $769,440 recorded on Aug. 15.

SwirlLend’s social media accounts have been deleted, and its website was no longer accessible as of press time.

Blockchain security firm Peckshield reported that SwirlLend’s deployer had bridged $290,000 in cryptos from Base to Ethereum. Additionally, the attacker bridged 94 ETH from Linea to Ethereum via Orbiter Finance Bridge.

RocketSwap hacked

On Aug. 15, RocketSwap confirmed that it suffered a brute force attack that led to the loss of an undisclosed amount.

Peckshield estimated that the losses were around 471 ETH, equivalent to $865,000, and noted that the hacker bridged the funds from Base to Ethereum.

“Due to the proxy contract linked to our farm contract, multiple high-risk permissions became vulnerable,” RocketSwap said. “This resulted in the unauthorized transfer of the farm’s assets. Immediate steps were taken to shut down the farm and halt further potential risks.”

The decentralized exchange announced an emergency program to redeploy a new farm contract that will be open-sourced on-chain. It added that it would contact the hacker to return the funds.

However, some affected users believe that this was a rug-pull by the team itself and are also criticizing the project for locking comments and making it impossible for users to reach out.

Meanwhile, the RocketSwap attacker created two memecoins named LoveRCKT and LoveRCKT 2.0, and the value of both assets rapidly plunged after he removed liquidity from them.

Base becoming a fertile ground for bad actors

While DeFi exploits are common occurrences within the crypto space, Base is quickly becoming notorious for projects rug despite its relatively new launch.

BALD memecoin was one of the first projects on the L2 network and reached an $85 million market cap before it was rugged by its creator. 

Another project, FrensTech, was allegedly rug pulled by the AzFlin, a former employee of Uniswap. AzFlin withdrew 14 ETH in liquidity from the project, bankrupting it.

The incident led to his eventual dismissal from the decentralized exchange, with Uniswap CEO Adam Hayden saying the company does not condone such behavior. However, AzFlin has vehemently denied claims that he rugged the project.

Despite the rug pulls and exploits, Base has seen increased adoption. The total value of assets locked on the network has spiked to $226 million, representing an almost $100 million increase since Aug. 8, according to L2Beat data.