The Rubic cross-chain exchange suffered an exploit in which attackers were able to siphon a total of around $1.4 million in user funds from their wallets. The exploit was enabled by an error by the project team, who erroneously added the USDC stablecoin address as a router, which allowed attackers to arbitrarily withdraw USDC held by Rubic users. The hacker then transferred the stolen funds through the Tornado Cash cryptocurrency mixer.Rubic paused their project to limit further thefts, and stated they would pursue audits before coming back online. They also stated that they would “strive to compensate for the losses”.

Total loss estimated at $1,400,000.