Rabby Smart Contract By DeBanks Is Latest Exploit Victim

The Wallet Developed by DeBank  tweeted about the loss

Rabby the wallet developed by DeBank tweeted about an exploit on the Rabby Swap Smart Contract. The exact size of the exploit is still unknown at the time as some have claimed emptied wallets. Rabby advised all users to withdraw all existing approvals on every chain that has the settings of the respective wallets.

The attack was on multiple chains with the attacker tumbling 114ETH( $146K) and 179 BNB ($48.5K) through Tornado Cash. Tornado Cash is a money laundering protocol used by those that want to hide their ill-gotten crypto gains from being discovered. The protocol has recently been hit with Sanctions by the U.S Treasury. 

The attack is currently being investigated and the full extent will be discovered soon. The culprit appears to be a vulnerability in a buggy contract that had already been audited by the firm Peckshield, a blockchain security firm. It would appear that the vulnerability went undetected by the firm. 


This attack happened less than a month after Rabby Swap, the token exchange feature on the protocol, went live. Rabby swap is meant to maximize liquidity from many sources but it seems the feature has been used to liquidate the wallets of the users.

The team at Rabby has stated they are actively working toward finding a solution. The exploit was first found by Supremacy Inc a web3 focused security firm

At this time the team has not said whether users should continue using the platform but it would probably be a safe bet to stay off Rabby until the exploit has been contained.

Leave a Reply