Cyber Incident Victim: QuickSwap

On October 24, 2022, QuickSwap publicly disclosed a security incident affecting its QuickSwap Lend service via a social media announcement. The platform confirmed that $220,000 was exploited through a flash loan attack targeting a vulnerability in the Curve Oracle implementation utilized by Market XYZ, a third-party lending market integrated with QuickSwap Lend. The attack specifically compromised Market XYZ's lending market operations but did not impact QuickSwap's core decentralized exchange contracts or other protocol infrastructure. QuickSwap attributed the exploit solely to the oracle vulnerability within Market XYZ's system, clarifying that no inherent flaws existed in their own audited smart contracts. The incident prompted the immediate decision to permanently discontinue QuickSwap Lend services to prevent further exposure, though existing liquidity pools and trading functions on QuickSwap remained operational throughout.

The financial impact was confined to the $220,000 loss directly attributable to the flash loan exploit within Market XYZ’s lending market. QuickSwap emphasized that user funds outside the compromised lending market were unaffected and reiterated the safety of its primary decentralized exchange operations. No collateral damage to other partnerships or integrated protocols was reported. In response, QuickSwap initiated service termination procedures for QuickSwap Lend while maintaining transparency about the incident’s scope through its official communication channels. The platform did not announce reimbursement plans or detailed forensic findings beyond confirming the oracle-related attack vector and third-party service involvement. Operations continued normally across all unaffected QuickSwap services following the lending market’s closure.