Kame Aggregator on Sei Faces Major Hack: 185 ETH Returned, But Questions Linger

On September 13, 2025, Kame Aggregator—a leading decentralized exchange (DEX) aggregator operating on the Sei Network—was hit by a significant exploit. While more than $1 million in user funds was initially stolen, Kame has recovered 185 ETH following negotiations with the attacker. Yet, even as partial recovery brings relief, many details remain unclear. (Binance)

In this article, we’ll explore what is known so far: what Kame Aggregator is, how the attack happened, what recovery has taken place, and what this means for the future of DeFi security on Sei and beyond.

What is Kame Aggregator?

Kame Aggregator is a DEX aggregator built on the Sei Network. Essentially, it helps users execute swaps by routing through multiple decentralized exchanges and liquidity pools to find the best rates and lowest slippage. Because Sei offers low transaction costs and fast finality, Kame has been growing in popularity among crypto and DeFi users. (Blockonomi)

How the Hack Unfolded

Exploit Mechanism

• The exploit appears to have exploited unlimited token approvals granted by users’ wallets. Because users often give “infinite” spending permissions to aggregator contracts, the attacker leveraged these outstanding permissions to drain funds. (Blockonomi)
• Although the Sei blockchain is not purely Ethereum-based, it supports EVM compatibility via bridges or modules. Thus, ERC-20-style token standard behaviors (approvals, spend allowances) showed up in practice. (Coin Edition)

Scale of the Damage

• Early disclosures estimate losses at over $1 million from users who had active token approvals. (Blockonomi)
• Specific assets stolen include SEI tokens, USDC, or bridged ETH equivalents. The full breakdown remains under investigation. (Blockonomi)

Kame’s Initial Response

• As soon as suspicious activity was detected, Kame issued alerts urging users to revoke permissions via tools such as Revoke.cash. (Blockonomi)
• The team paused or limited affected operations, and began coordinating with security partners to trace stolen funds. (Coin Edition)

Negotiations & Recovery

• Rather than having the attacker vanish with the funds, Kame engaged in on‐chain negotiation. The result: 185 ETH was returned to a recovery wallet. (Phemex)
• The recovery was confirmed in Kame’s official social post. (Coin Edition)
• Though 185 ETH is a substantial amount, it does not represent the full loss; many assets and affected wallets are still under review. (Blockonomi)

User Impact & Fallout

• Many users reported losses ranging from hundreds to tens of thousands of dollars, depending on how much they had approved and what tokens they held. (Blockonomi)
• Because of the exploit model (approval abuse), users whose wallets were “connected” and had granted permissions (especially unlimited ones) are at most risk. (Blockonomi)
• Kame has set up a claims process; it is collecting wallet addresses, transaction hashes, and proof of losses to prepare a compensation plan. (Coin Edition)

Outstanding Questions

While some information has been made public, several critical questions remain:

1. Exact amount stolen — The precise asset mix and total dollar value have not been disclosed.
2. Which wallets were affected — It is still unclear how many users are impacted and whether any major “whale” addresses were especially hit.
3. How the exploit was enabled technically — Was it an issue in Kame’s smart contracts, or in interactions with external DEXs or bridges?
4. Security audits and future safeguards — What audits had Kame completed before this event, and what new protections (bug bounties, multi-sig, stricter approval limits) will be put in place?

Larger Implications for Sei and DeFi Security

• This exploit highlights the perennial risk in DeFi of token approvals. Even though tools like Revoke.cash exist, many users still neglect to regularly audit permissions.
• On the broader Sei ecosystem, this is likely to spark greater demand for formal audits, insurance or protection mechanisms, and perhaps stricter standards for aggregators.
• Also, the recovery via negotiation shows that in some cases, hackers may respond to incentives beyond pure theft—whether it’s fear of being traced, or reputational risk. That path toward recovery is encouraging but cannot be relied on.

What Should Users & Projects Do?

• Revoke unnecessary token approvals immediately. Use tools like Revoke.cash or wallet features to audit permissions.
• Limit spending allowances instead of granting full or “infinite” approvals.
• Watch for compensation announcements from Kame, and retain proof of losses.
• For projects/aggregators: implement multi-sig controllers, formal audits, white-hat bounty programs, and clearer UI/UX about risk warnings.

Conclusion: A Partial Victory, But Trust Must Be Earned

Kame Aggregator’s hack on the Sei Network underscores how quickly things can go wrong in DeFi, especially when permission settings are overly permissive. Although recovering 185 ETH is a step in the right direction, full transparency and accountability will determine whether the community’s trust can be restored.

This incident serves as a cautionary tale: in DeFi, the best defense is vigilance. Whether you are a user or a builder, risk is real—but so is the opportunity to learn and build stronger.

Sources:

• Binance News: Sei’s Kame Aggregator Experiences Hack, Partial Funds Recovered (Binance)
• Coin Edition: Sei-Based Kame Recovers 185 ETH, Plans Compensation (Coin Edition)
• Blockonomi: Kame Aggregator on Sei Hit by $1M Exploit, Hacker Returns 185 ETH (Blockonomi)
• Phemex News: Kame Aggregator Recovers 185 ETH After Hack (Phemex)
• CoinNess: Sei-based DEX aggregator Kame reaches deal with hacker for return of stolen funds (CoinNess)