Kame Aggregator on Sei Hit by $1M Exploit, Hacker Returns 185 ETH

TLDR:

• Kame Aggregator exploit drained over $1M from Sei users by abusing unlimited token approvals on connected wallets.
• Users were urged to revoke token permissions through Revoke.cash and Rabby Wallet to prevent further losses.
• Hackers agreed to return 185 ETH, with Kame confirming funds were transferred back to a recovery wallet.
• A compensation plan for affected wallets is being prepared as Kame continues its investigation and security checks.

It was a tense start to the weekend for users of Kame Aggregator on Sei. A wallet-draining exploit hit the platform, leaving funds exposed. The attack targeted users with active token approvals and quickly siphoned over $1 million from connected wallets. 

Kame’s team moved fast, alerting users to revoke permissions and limit exposure. A partial recovery has now been confirmed, giving affected users some relief.

Kame Aggregator Exploit Drains $1M Through Token Approvals

Security researcher Abhi reported the exploit, warning that two malicious drainer contracts were actively draining funds. 

The attack abused unlimited spend permissions given to Kame contracts, a common approval risk in DeFi. Wallets that had granted access to the malicious addresses were targeted directly, with attackers pulling assets in real time.

Users were urged to immediately revoke approvals through tools such as Rabby Wallet and Revoke.cash. A dedicated checker was rolled out to help users see if they were at risk. 

The incident highlights how critical it is to monitor active token permissions and revoke them when not needed.

Kame’s official X account confirmed the exploit and advised users to secure their wallets. They stated that the team was working closely with partners to track the funds and identify affected users. 

According to early updates, efforts to communicate with the attacker began soon after the breach.

The exploit caused a rush among users to revoke approvals as they scrambled to protect remaining assets. This quick action may have helped limit further damage as the attack was ongoing.

Recovery of 185 ETH and Compensation Plan

Hours later, Kame announced that the attacker had agreed to return a portion of the stolen funds. They confirmed that 185 ETH had been transferred back to a recovery wallet. The team thanked partners across the Sei ecosystem for helping spread the word quickly.

Kame stated they are now gathering information on all affected wallets. A compensation plan will be shared once the investigation is complete. Users are being asked to remain alert and keep approvals disabled until full security checks are finalized.

The recovery of a portion of the funds marks progress, but most of the stolen assets are still unaccounted for. Kame is continuing its investigation and coordinating with ecosystem security teams. Updates are expected to be released in the coming days as the team finalizes next steps.

This exploit has reignited discussions about DeFi safety and the risks tied to unlimited token approvals. For many users, this will be a reminder to audit wallet permissions regularly and only grant approvals when necessary.

The post Kame Aggregator on Sei Hit by $1M Exploit, Hacker Returns 185 ETH appeared first on Blockonomi.