On the first day of August 2023, Base Blockchain, an Ethereum Layer 2 solution supported by Coinbase, underwent a significant security violation. The breach was flagged by blockchain security specialist, PeckShield. They reported that an exploit of Liquidity Provider (LP) pairs on the Base platform led to a loss of approximately 340 ETH, equivalent to approximately $630,000.

The Defi sector is no stranger to flash loan attacks, and the data pattern seen in this instance fits the bill. The malicious transaction data exhibits a sequence of trades involving Axelar Wrapped USDC (axlUSDC) tokens and Wrapped Ethereum (WETH). Here's how the exploit unfolded:

A modest initial transfer of WETH takes place.
Next, a large quantity of axlUSD tokens and WETH are borrowed.
A series of trades manipulates market prices on a decentralized exchange, possibly LeetSwap.
The attacker repays the borrowed tokens, which, due to manipulated market rates, are less than the initial loan.
The attacker pockets the remaining amount.
Diving deeper into the data reveals that a specific address acts as the go-between for the transfer of sizable amounts of ETH. One of the key transfers noted is a sizable 119.44 WETH from one address back to the starting address.

One aspect of the exploit involved an encoded function call, '0xe2d6a23b00000000000000000000000094dac4a3ce998143aa119c05460731da80ad90cf', as part of the transaction sequence. This call indicates the likely manipulation of a particular function within the targeted smart contract of the breached protocol on the Base platform.

It's interesting to note that prior to Peckshield publicizing the incident, LeetSwap, a decentralized exchange branding itself as "the #1 DEX ecosystem for elite degens", tweeted about a liquidity pool incident on its platform.

In a later update, LeetSwap confirmed they had begun working with on-chain security experts to recover the locked liquidity.