RocketSwap Leaked Keys on Server
$869K drained from RocketSwap on Base after a server breach yielded both the encrypted private keys and the automation script's decryption logic.
- Date
- Victim
- RocketSwap
- Chain(s)
- Status
- Funds Stolen
On August 14, 2023, the Base-chain DEX RocketSwap lost approximately $869,000 after attackers breached the project's server and obtained its private keys. The keys were stored encrypted on the same server as an automation script containing the decryption routine — so compromising the server yielded both the ciphertext and the means to decrypt it.
What happened
RocketSwap ran an auto-farming feature requiring server-side signing. The team stored the signing key encrypted, but the decryption logic and access lived on the same machine. A server compromise gave the attacker the encrypted key and the script that decrypts it — defeating the encryption entirely. The attacker drained ~$869K and routed it through Tornado Cash.
Aftermath
- RocketSwap acknowledged the leaked-key root cause publicly.
- Small protocol; minimal recovery.
Why it matters
RocketSwap is a crisp lesson in encryption-at-rest theatre: encrypting a key is meaningless if the decryption key/logic is co-located with the ciphertext and equally exposed. This is the operational-security cousin of Slope Wallet (seeds logged to a server) and Mixin (keys reachable from a breached cloud DB). The recurring rule: a secret is only as protected as the weakest path to its plaintext — and "encrypted, but the decryptor is right next to it" is not protection, it's a checkbox.
Sources & on-chain evidence
- [01]halborn.comhttps://www.halborn.com/blog/post/explained-the-rocketswap-hack-august-2023
- [02]decrypt.cohttps://decrypt.co/152519/meme-coin-base-dex-rocketswap-hit-866k-exploit
- [03]rekt.newshttps://rekt.news/rocketswap-rekt