mySwap’s concentrated liquidity pools on Starknet were drained for roughly $305,000 after an attacker deployed a fake token and used it to manipulate pool accounting. The mySwap exploit involved a fake token named EVIL, which was used to distort the accounting path tied to the protocol’s CL pools and shared vault. The drained assets were listed as 137.96 ETH, 45,000 USDC, 19,900 USDT and 230,000 STRK.