I am raising this discussion to alert the DAO to the ongoing situation regarding Aperture Finance.
On January 26, 2026, Aperture Finance suffered a major exploit (approx. $3.6M lost). Security reports (including BlockSec) confirmed the vulnerability was an arbitrary-call capability in their smart contracts, allowing attackers to drain assets using transferFrom calls on existing user approvals.
Current Issues for Uniswap LPs:
-
30+ Days of Ghosting: The Aperture team has been completely silent since the exploit. No post-mortem has been shared, and no recovery plan has been proposed to the users who provided liquidity to Uniswap via their tool.
-
Tornado Cash Activity: On-chain data confirms that the exploited funds (1,200+ ETH) are currently being laundered through Tornado Cash, with no attempt from the team to negotiate with the hacker or secure the remaining funds.
-
Recent Security Banner: A banner recently appeared on
aperture.financeadvising users to revoke all approvals. This proves the team still has frontend access but chooses to remain silent regarding the $3.6M loss.
Aperture has been a featured partner for Uniswap V3/V4 automation and was part of several ecosystem discussions. To protect the integrity of the Uniswap ecosystem, I propose:
-
Official Warning: Request Uniswap Labs to add a high-risk warning to the Uniswap Interface for any interactions involving Aperture Finance contracts.
-
Audit Review: We need a community-led review to ensure no other “Intent-based” solvers using similar logic are putting Uniswap LPs at risk.
-
VC Accountability: We call on ecosystem investors who backed Aperture (such as Binance Labs/YZi, Krypital, etc.) to provide a statement on the status of the project.
Uniswap’s strength relies on the safety of its LP ecosystem. We cannot let automated management tools “ghost” the community after a major security failure.