The popular decentralized exchange (DEX), Trader Joe, announced a security breach in its frontend interface on Nov. 17.
The breach, identified in a third-party analytics plugin, potentially exposed numerous users, prompting immediate action by the platform’s team.
The Trader Joe team discovered the vulnerability during a routine check, which revealed compromised JavaScript code in an analytics tool. The breach occurred at approximately 18:34 GMT and impacted all chains, including Avalanche (AVAX), Arbitrum (ARB), and Ethereum (ETH).
The team quickly removed the malicious code and temporarily shut down the front end to mitigate the risks. The incident rerouted some users’ transactions to an unknown contract: “0xd8ea…33581bf.”
The Trader Joe team urged affected users to revoke any access granted to this contract.
In response, Trader Joe advised users to check and revoke approvals of the malicious contract using token approval checkers and wallet services.
The DEX also emphasized confirming contract addresses during transactions using their developer documents. The Trader Joe Discord provided guided support.
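The two pieces of advice above (revoke approvals, confirm contract addresses) can be expressed as a pre-signing check. The sketch below is an added example, not Trader Joe's code: it flags a transaction whose destination or approval spender is not on a list of documented addresses, and lets revocations through. All addresses and the function name `reviewTransaction` are constructed placeholders.

```javascript
// Added example, not Trader Joe's code. Every address here is a constructed
// placeholder; a real allowlist is copied from the project's developer docs.
const ROUTER = "0x1111111111111111111111111111111111111111";  // hypothetical
const TOKEN = "0x2222222222222222222222222222222222222222";   // hypothetical
const UNKNOWN = "0x9999999999999999999999999999999999999999"; // not documented
const DOCUMENTED = new Set([ROUTER, TOKEN]);

// Selectors of calls that grant a spender/operator rights over the caller's assets.
const GRANTS = {
  "0x095ea7b3": "approve(address,uint256)",        // ERC-20
  "0xa22cb465": "setApprovalForAll(address,bool)", // ERC-721 / ERC-1155
};

// Returns a list of reasons not to sign tx ({to, data} as hex strings).
function reviewTransaction(tx, documented = DOCUMENTED) {
  const findings = [];
  const to = String(tx.to || "").toLowerCase();
  const data = String(tx.data || "0x").toLowerCase();
  if (!/^0x[0-9a-f]{40}$/.test(to)) findings.push("missing or malformed destination");
  else if (!documented.has(to)) findings.push(`destination ${to} is not documented`);

  const fn = GRANTS[data.slice(0, 10)];
  if (!fn) return findings;
  const args = data.slice(10);
  if (!/^[0-9a-f]{128}$/.test(args)) {          // two 32-byte ABI words expected
    findings.push(`${fn}: unexpected calldata length`);
    return findings;
  }
  const spender = "0x" + args.slice(24, 64);    // address = low 20 bytes of word 1
  const isRevoke = /^0+$/.test(args.slice(64)); // amount 0 or approved=false
  if (!isRevoke && !documented.has(spender))
    findings.push(`${fn} grants rights to undocumented ${spender}`);
  return findings;
}

// Constructed sample transactions.
const word = (addr) => addr.slice(2).padStart(64, "0");
const samples = {
  approveUnknown: { to: TOKEN, data: "0x095ea7b3" + word(UNKNOWN) + "f".repeat(64) },
  approveRouter: { to: TOKEN, data: "0x095ea7b3" + word(ROUTER) + "f".repeat(64) },
  revokeUnknown: { to: TOKEN, data: "0x095ea7b3" + word(UNKNOWN) + "0".repeat(64) },
  rerouted: { to: UNKNOWN, data: "0x" },
};
for (const [name, tx] of Object.entries(samples))
  console.log(name, reviewTransaction(tx));
```

A check like this only helps when it runs outside the page that builds the transaction, for example in the wallet, since a compromised front end controls any script it loads.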
Following investigation and remediation, Trader Joe has restored its front end, ensuring it is safe for trading, liquidity, staking, and lending.
The DEX aims to prevent future vulnerabilities by eliminating third-party integrations.