Rubic, a cross-chain decentralized exchange and a service that enables users to swap cryptocurrencies between exchanges, lost over $1.41 million over the weekend due to an exploit with malicious actors trying to prevent the DEX from recovering more than $1.34 million by sending them to a crypto mixer.

Blockchain security and data analytics company PechShield reported that the hack was due to an exploit that mistakenly added USDC into supported routers and warned that the lack of routerCallNative validation could allow the hacker to siphon funds from users with approvals to RubicProxy.

The data analytics company also tracked down the blockchain activities of the malicious actors behind the Rubic hack and ended up uncovering that around 1,100 ETH were already sent to crypto mixer Tornado Cash, making it harder for the company to recover lost funds.

Rubic immediately stopped all contracts to "prevent further harm" upon learning about the hack and cautioned its customers to avoid using rubic.exchange until the situation was resolved.

"Our contract became compromised because the USDC address was whitelisted to interact directly with Rubic," the company's official Twitter account said, explaining the root cause of the issue.

"We're investigating the reasons why, but it was required to work with some of our providers," it further said, noting that the company "will conduct audits with two independent companies in the coming weeks for further investigations."

Rubic said it will "compensate" the 49 affected addresses impacted by the exploit and advised those affected to "contact support."

Unfortunately, the DEX did not provide specifics on when it would resume operation but said that "the platform will continue to operate in the coming weeks."

It is worth noting that this is not the first time Rubic was attacked by malicious actors.

Just last month, the DEX lost over $1.2 million, based on the prevailing price at the time, because malicious actors used malware to gain access to the admin wallet's private keys.

The attackers stole 34 million RBC and BRBC tokens and immediately sold them on the Uniswap and PancakeSwap exchanges.

RBC is the native token of Rubis, while BRBC is the wrapped version of the token developed to enable users to trade in the BSC network.

Rubic's native token suffered following the million-dollar hack as it traded down $0.1237 from its previous price of $0.0183, showing a huge 32.4% plummet.

As of 12:18 a.m. ET on Monday, RBC was trading down 27.43% at $0.01328 with a 24-hour trading volume of $240,314, according to the latest data from CoinMarketCap.

1
Rubic is a multichain DEX aggregator, with instant & cross-chain swaps for Ethereum, BSC, Polygon, Harmony, Tron & xDai, limit orders, fiat on-ramps and more. Rubic Official YouTube Channel