Skip to main content
Sign in

Dexible V2

avoid.net/dexible-v218/100·88% conf.
[AI-DRAFTED · AWAITING VERIFICATION][src:defillama]
anchored·3foX9r…kiaB

Summary

Dexible V2 is a multichain DEX aggregator that suffered a critical smart contract exploit on February 17, 2023, resulting in approximately $2 million in user funds stolen across Ethereum and Arbitrum. The attack exploited an unvalidated router address in the selfSwap function of the v2 contracts, which had never undergone a formal third-party security audit. Stolen funds were laundered through Tornado Cash and have not been recovered; the protocol has since ceased operations.

Connected Entities

1 entities · 10 linked investigations
Exchanges
Dexible V2
Relationships
    Also appears in
    Saga EVM Blockchain·32Mach-O Man Malware Campaign (Lazarus / Chollima)·0Gamma Strategies·28Bunni Protocol·28BitGrail·2Shunda Park Scam Compound·0Lulo·55Thorchain DEX·28Crossmint·70Access Protocol·47
    Have evidence about Dexible V2?

    Timeline(7 events)

    2023-02-17

    Attacker (0x684083f312ac50f538cc4b634d85a2feafaab77a) exploits selfSwap vulnerability in Dexible V2 contracts, stealing approximately $2 million across Ethereum and Arbitrum from 17 user accounts.

    CoinDesk

    2023-02-17

    PeckShield raises public alarm about the exploit on Twitter, approximately five hours before Dexible's official response.

    REKT News

    2023-02-17

    Dexible issues official announcement more than nine hours after the exploit began; CEO Michael Coon states contracts have been paused.

    CoinTelegraph

    2023-02-17

    Attacker converts stolen TRU tokens to ETH via SushiSwap and routes approximately $1.5 million through Tornado Cash on Ethereum; $450,000 from Arbitrum is bridged to BSC and also laundered via Tornado Cash.

    Quadriga Initiative

    2023-02-20

    Dexible team releases post-mortem report acknowledging no formal audit was performed on the v2 contracts and that internal review failed to identify the vulnerability.

    REKT News

    2023-02-20

    Security researchers publish technical analyses of the selfSwap arbitrary external call vulnerability, identifying the lack of router address validation as the root cause.

    BlockApex

    2023-12-31

    Dexible listed as permanently closed on Crunchbase; no victim compensation program was ever established and stolen funds were not recovered.

    Crunchbase
    Provenance & Audit Trail
    Anchored on SolanaVerify on-chainsrc:defillama

    Decision Log

    This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.

    full audit log →version history →

    model: claude-sonnet-4-6

    generated: 5/4/2026, 2:54:44 AM

    last updated: 5/28/2026, 4:12:52 PM

    avoid.net — verified advice for a post-truth world