TLDR:
- Kame Aggregator exploit drained over $1M from Sei users by abusing unlimited token approvals on connected wallets.
- Users were urged to revoke token permissions through Revoke.cash and Rabby Wallet to prevent further losses.
- Hackers agreed to return 185 ETH, with Kame confirming funds were transferred back to a recovery wallet.
- A compensation plan for affected wallets is being prepared as Kame continues its investigation and security checks.
It was a tense start to the weekend for users of Kame Aggregator on Sei. A wallet-draining exploit hit the platform, leaving funds exposed. The attack targeted users with active token approvals and quickly siphoned over $1 million from connected wallets.
Kame’s team moved fast, alerting users to revoke permissions and limit exposure. A partial recovery has now been confirmed, giving affected users some relief.
Kame Aggregator Exploit Drains $1M Through Token Approvals
Security researcher Abhi reported the exploit, warning that two malicious drainer contracts were actively draining funds.
🚨 $1M+ exploit on SEI
Kame Aggregator on Sei was exploited on September 13, 2025, with attackers draining over $1M from user wallets.
The exploit abused token approvals, meaning wallets that granted unlimited spend permissions to Kame contracts were exposed.
Two malicious… pic.twitter.com/gyShzCDyun
— Abhi (@0xAbhiP) September 13, 2025
The attack abused unlimited spend permissions given to Kame contracts, a common approval risk in DeFi. Wallets that had granted access to the malicious addresses were targeted directly, with attackers pulling assets in real time.
Users were urged to immediately revoke approvals through tools such as Rabby Wallet and Revoke.cash. A dedicated checker was rolled out to help users see if they were at risk.
The incident highlights how critical it is to monitor active token permissions and revoke them when not needed.
Kame’s official X account confirmed the exploit and advised users to secure their wallets. They stated that the team was working closely with partners to track the funds and identify affected users.
According to early updates, efforts to communicate with the attacker began soon after the breach.
The exploit caused a rush among users to revoke approvals as they scrambled to protect remaining assets. This quick action may have helped limit further damage as the attack was ongoing.
Recovery of 185 ETH and Compensation Plan
Hours later, Kame announced that the attacker had agreed to return a portion of the stolen funds. They confirmed that 185 ETH had been transferred back to a recovery wallet. The team thanked partners across the Sei ecosystem for helping spread the word quickly.
Kame stated they are now gathering information on all affected wallets. A compensation plan will be shared once the investigation is complete. Users are being asked to remain alert and keep approvals disabled until full security checks are finalized.
Critical Update!
We have successfully communicated with hackers and they accepted our offer to transfer funds back.
185 ETH has been refunded by this transationhttps://t.co/SFWD6JJV7K
We are collecting information about affected hackers and will soon inform the compensate plan.…— Kame Aggregator (@kame_agg) September 13, 2025
The recovery of a portion of the funds marks progress, but most of the stolen assets are still unaccounted for. Kame is continuing its investigation and coordinating with ecosystem security teams. Updates are expected to be released in the coming days as the team finalizes next steps.
This exploit has reignited discussions about DeFi safety and the risks tied to unlimited token approvals. For many users, this will be a reminder to audit wallet permissions regularly and only grant approvals when necessary.
