$305K Exploit Rocks mySwap, Highlighting DeFi's Math Flaw Vulnerability

mySwap, a decentralized exchange on Starknet, was hit by a $305K liquidity pool exploit. The attack occurred when attackers used a fake token called 'EVIL' to trick mySwap's liquidity pool system and drain around $300K-$305K in assets.

The exploit targeted smart contract math flaws, allowing stolen funds such as ETH, USDC, USDT, and STRK to be moved and later hidden using Railgun. The incident is the latest in a series of DeFi exploits in 2026, with hundreds of millions of dollars lost through smart contract and bridge vulnerabilities.

mySwap confirmed that almost all remaining liquidity inside the system was drained during the attack. Even though the platform was no longer actively growing, it still had locked funds sitting in smart contracts, which became the target.