A hacker began draining user funds on May 14 through the decentralized exchange (DEX) Equalizer. The misuse of funds only became apparent when the Equalizer team tweeted warning users to stop interacting with the exchange.

So far, the hacker has drained around 2,353 Equalizer (EQUAL) and several other tokens from users. Though the value of the stolen tokens is low, the small transactions allowed the hacker to continue siphoning user funds under the radar.

Source: Equalizer

The hacker’s wallet address was established over 222 days ago and is continuing to receive the stolen user funds.

The theft began with 2,500 SpookySwap liquidity tokens (spLP) being drained at around 4:10 am UTC on May 14, which led to many other tokens being taken from users.

The total number of tokens drained so far include:

As a result, EQUAL price is down almost 11% on the day to around $8.90.

To add insult to injury, a scammer then created a fake Equalizer X account and posted how affected users could claim a refund.

Source: Fake Equalizer account

It is not yet clear whether all the tokens were drained through the Equalizer DEX, but the Equalizer team is currently still investigating the exploit. 

Through the Equalizer Discord channel, the team announced a preventative measure for users to take to stop further loss of funds:

“If connecting to the dapp [[Connect Wallet]] asks you to Approve something, immediately Stop using that site. If the dapp asks you to interact with a contract you have never interacted with earlier, Stop using that site. If it asks you to approve any contract that is unknown or not in our docs, Stop using that site.”

Equalizer Discord member “543” informed the community that users are safe if they “did not interact with Equalizer Websites since 6 hours ago.” However, if users interacted with the websites in the last six hours, “543” requested that users “please revoke all your approvals made during this time.”

Source: Equalizer Discord channel

The team is “working on restoring the main website” and has informed users to avoid using the main website until updated.