QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$1 325 000 USD
SEPTEMBER 2025
GLOBAL
KAME AGGREGATOR
DESCRIPTION OF EVENTS
Kame Aggregator is a decentralized finance (DeFi) protocol built on the Sei Network that simplifies and optimizes the trading process. It aggregates liquidity from various sources across the Sei Ecosystem, ensuring users receive the best available exchange rates for their trades. By comparing rates across all supported liquidity providers, Kame helps secure the most favorable pricing for any given trade.
The platform enhances order execution by splitting transactions across multiple liquidity sources to minimize price slippage and maximize the amount received by the user. In addition to decentralized exchange (DEX) liquidity, Kame integrates liquidity from a variety of sources, including lending protocols, liquid staking, launchpads, and private market makers. This multi-path approach ensures comprehensive coverage and efficient trade execution.
Kame also prioritizes user convenience by minimizing gas costs and streamlining the permission process. Once users authorize the Kame contract, they can trade seamlessly across any DEX within the ecosystem without needing to grant permissions for each individual exchange. This makes the platform both user-friendly and efficient, especially for those seeking optimized DeFi trading experiences.
There was a design flaw in the way the Kame Aggregator contracts handled certain critical operations, particularly around user permissions and how those permissions were validated. The core issue wasn’t necessarily a "bug" in the traditional sense, but rather a structural weakness in the contract’s logic that allowed for unintended interactions with external contracts
"The attacker leveraged a design flaw in the swap() function that allowed arbitrary executor calls, resulting in the theft ... from users who had granted unlimited approvals."
"The swap() function allowed arbitrary execution of params.executor with params.executeParams: (bool success, bytes memory returnData) = params.executor.call{value: msg.value}(params.executeParams);
No validation was performed on either the executor or the calldata. By setting the executor to a malicious Multicall contract 0xcA11bde05977b3631167028862bE2a173976CA11, the attacker could directly invoke a token’s transferFrom() against victims who had approved the router. This effectively turned the router into a proxy for token theft.
The impact was critical because many users had either granted unlimited allowances to the AggregationRouter or approved amounts larger than their intended swap sizes, leaving residual approvals exploitable."
According to the post-mortem, "[a]pproximately $1,324,535.32" was "the value of Affected Assets". "830 unique users were impacted".
The Kame Aggregrator initially simply announced that they would be "temorarily closing". After close to an hour, users were requested to revoke permissions to affected contracts 0x14bb98581Ac1F1a43fD148db7d7D793308Dc4d80 and 0x1415E8eeC45DAE07E7bBdf57A88ea0a309233617.
The Kane Aggregator team were able to establish communication with the primary exploiter, offering a 20% bug bounty, which led to the return of a portion of the stolen funds. As a result, approximately $946,195.94 of the stolen funds were recovered from the primary exploiter, and an additional $21,900.98 was retrieved with the help of white hat hackers.
While the recovery efforts were successful, the incident exposed critical vulnerabilities in the aggregator's design, particularly around the arbitrary executor call functionality and the lack of sufficient user permission management. The Kame team began developing a compensation plan for the affected users, which they promised to release in the coming days.
Total Value of Affected Assets recovered by Kame Team from Primary Exploiter: Approximately $946,195.94
Total Value Recovered by White Hat Hackers: Approximately $21,900.98
In the aftermath, the platform committed to improving its security protocols by implementing stricter validation mechanisms, monitoring systems, and pausing functionality to prevent future exploits. This incident highlighted the need for enhanced contract auditing, permission controls, and proactive security measures in decentralized finance platforms.
Kame Aggregator, a decentralized finance (DeFi) protocol on the Sei Network, experienced a significant exploit in September 2025 due to a design flaw in its swap() function, which allowed attackers to perform arbitrary executor calls. This vulnerability enabled the theft of approximately $1.32 million from 830 users who had granted unlimited approvals to the AggregationRouter. The attacker exploited the flaw by using a malicious Multicall contract to invoke a token transfer on behalf of the victims. Following the incident, Kame quickly responded by notifying users to revoke permissions and worked with the primary exploiter and white hat hackers to recover about $946,195.94 of the stolen assets. Despite the recovery, the exploit exposed critical weaknesses in the platform’s permission management and validation mechanisms. Kame has since committed to improving its security protocols and implemented a compensation plan for affected users.
Post Mortem: Kame Aggregator Exploit September 2025 - Kame Aggregrator (Sep 26)
Attack Transaction - SEIScan (Sep 26)
Kame Aggregrator - "To ensure the safety of our users and to thoroughly investigate the root cause, we will be temporarily closing." - Twitter/X (Sep 26)
Kame Aggregrator - "Action Required: Please REVOKE all token permissions to the following addresses ASAP to protect your funds: 0x14bb98581Ac1F1a43fD148db7d7D793308Dc4d80 0x1415E8eeC45DAE07E7bBdf57A88ea0a309233617" - Twitter/X (Sep 26)
@defiCosmos Twitter (Sep 26)
Hacker Returns Stolen 185 ETH to Kame Aggregator Platform (Sep 26)
https://www.binance.com/en/square/post/09-13-2025-sei-s-kame-aggregator-experiences-hack-partial-funds-recovered-29624637893002 (Sep 26)
2025 Kame Aggregator Hack: Check If You're Affected (Sep 26)
Kame Aggregator - Sei DEX Aggregator (Sep 26)
Kame Aggregrator Twitter/X Account (Sep 26)
Kame Aggregator Project Introduction, Team, Financing and News_RootData (Sep 26)
Kame’s Substack (Sep 26)
Welcome to Kame (Sep 26)
