Trader Joe decentralized exchange reports breach, asks users to act fast
Trader Joe, a decentralized exchange (DEX), discovered a security breach within an analytics plugin used on its platform. On November 17, the team at Trader Joe detected malicious JavaScript code within a third-party analytics tool during routine maintenance.
The compromised code poses a significant threat to users, potentially exposing them to unauthorized transactions rerouted to a malicious contract.
The breach has implications for users across several blockchain networks, including Avalanche (AVAX), Arbitrum (ARB), and Ethereum (ETH). The Trader Joe team eliminated the malicious code and temporarily disabled their frontend service to halt any further exploitation.
The specific malicious contract is identified by the address "0xd8ea07f43bc5045ec49ab52a3da2d0bf533581bf". Trader Joe urges users who transacted on the DEX after the time of the breach to immediately revoke any permissions granted to this contract to prevent possible asset losses.
Users are directed to use the token approval checking tools available on platforms such as SnowTrace, Arbiscan, and BSCScan, or to use the Rabby Wallet's Approval Centre or revoke.cash. Users can either enter their wallet addresses manually or connect their wallets directly to these services to revoke access to the dubious contract.
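What those approval checkers do under the hood can be sketched as follows. This is an added example, not code from Trader Joe or from any of the tools named above; it assumes the permissions in question are standard ERC-20 allowances, and the wallet and token addresses are constructed placeholders. It builds the `eth_call` request for `allowance(owner, spender)` against the flagged address, decodes the result, and produces the `approve(spender, 0)` calldata for any token that still has a non-zero allowance.

```javascript
// Added example: ERC-20 allowance check and revoke calldata for a flagged spender.
const FLAGGED_SPENDER = "0xd8ea07f43bc5045ec49ab52a3da2d0bf533581bf"; // address quoted in the article
const SEL_ALLOWANCE = "0xdd62ed3e"; // allowance(address,address)
const SEL_APPROVE = "0x095ea7b3"; // approve(address,uint256)

// ABI-encode an address as a 32-byte, left-padded word (hex, no 0x prefix).
function padAddress(addr) {
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) throw new Error("bad address: " + addr);
  return addr.slice(2).toLowerCase().padStart(64, "0");
}

// JSON-RPC eth_call body asking `token` for allowance(owner, spender).
function allowanceRequest(token, owner, spender = FLAGGED_SPENDER, id = 1) {
  padAddress(token); // validates the token address
  const data = SEL_ALLOWANCE + padAddress(owner) + padAddress(spender);
  return { jsonrpc: "2.0", id, method: "eth_call", params: [{ to: token, data }, "latest"] };
}

// Decode the uint256 result. "0x" (empty return data, e.g. no code at the address) is read as zero.
function decodeAllowance(resultHex) {
  if (resultHex === "0x") return 0n;
  if (!/^0x[0-9a-fA-F]{64}$/.test(resultHex)) throw new Error("unexpected result: " + resultHex);
  return BigInt(resultHex);
}

// Calldata for approve(spender, 0), which clears the allowance on one token.
function revokeCalldata(spender = FLAGGED_SPENDER) {
  return SEL_APPROVE + padAddress(spender) + "0".repeat(64);
}

// Map of token -> eth_call result in; list of tokens that still need a revoke out.
function tokensToRevoke(results) {
  return Object.entries(results)
    .filter(([, hex]) => decodeAllowance(hex) > 0n)
    .map(([token, hex]) => ({ token, allowance: decodeAllowance(hex), data: revokeCalldata() }));
}

// Constructed sample data: placeholder wallet and token addresses, not real contracts.
const SAMPLE_OWNER = "0x" + "ab".repeat(20);
const SAMPLE_RESULTS = {
  ["0x" + "11".repeat(20)]: "0x" + "f".repeat(64), // unlimited approval
  ["0x" + "22".repeat(20)]: "0x" + "0".repeat(64), // no approval
};
for (const token of Object.keys(SAMPLE_RESULTS)) {
  console.log(JSON.stringify(allowanceRequest(token, SAMPLE_OWNER)));
}
for (const t of tokensToRevoke(SAMPLE_RESULTS)) {
  console.log(`revoke on ${t.token}: ${t.data}`);
}
```

The request bodies are sent to an RPC endpoint for each affected network, and the revoke calldata goes in a transaction to the token contract, signed by the wallet that granted the approval.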
For those seeking assistance, Trader Joe made their Discord channel available for support, albeit with a note cautioning users about potential response delays due to high demand.
No details are available about the number of affected users.
After the investigation and implementation of necessary security upgrades, Trader Joe announced the restoration of its frontend services. They reassured users that the platform was secure for all standard operations, including trading, adding liquidity, staking, and lending activities. The DEX also confirmed that no additional third-party integrations or services were currently in use, a strategic move to minimize the risk of similar vulnerabilities in the future.