DEX platform developed by Vietnamese people was hacked for 47 million USD

This article is machine translated
Show original

Decentralized exchange (DEX) KyberSwap was attacked by hackers in its liquidation group in the early morning of November 23 and took about 47 million USD. Initial suspicions were that it was a Flash Loan Attack (flashloan hack ).

According to information, this protocol's Elastic liquidation pools were siphoned off by hackers with an estimated value of 47 million USD, on many blockchains supported by KyberSwap to open liquidation, including Ethereum, Arbitrum, Optimism, Base, Polygon ,…

current total is 47m. possibly more chains still to follow idk

— Spreek (@spreekaway) November 22, 2023

Notably, the bulk of the funds taken were in the form of ETH liquidation lock and Liquid Staking Token , as pointed out by Hsaka's account.

kyber exploiter wallet

you look at all the various wrappers, prefixes, suffixes of the same Token, ETH, and realize, yeah, eventually all this is going to have to be abstracted for the common user

— Hsaka (@HsakaTrades) November 22, 2023

However, the hacker seems to have forgotten about the pool on Scroll as there is still 5 million USD in assets left untouched.

Hacker hasn't drained on Scroll Yet, just created contract.

$5M can still be saved

— Wazz (@WazzCrypto) November 22, 2023

Initial analysis shows that only KyberSwap's liquidation pools were attacked via flashloan , so users did not need to revoke access previously granted to Kyber.

Kyber Network has confirmed the incident and requested users to withdraw all funds to prevent other potential vulnerabilities.

🚨 Urgent🚨

Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident.

As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…

— Kyber Network (@KyberNetwork) November 22, 2023

According to data from defillama, Kyber's DeFi products, or TVL of 86 million USD, has decreased to 27 million USD at the time of writing, when users massively withdrew money.

KyberSwap TVL Volatility . Source: defillama (November 23, 2023)

The community also pointed out the hacker's "audacity" when both making withdrawal transactions and leaving instructions describing his actions.


— Fudzy (@fozzydiablo) November 23, 2023

Not stopping there, he also sent a message to the Kyber team, declaring that he was willing to negotiate to return the money, but had to wait "until he has fully rested".

Hacker reaches out with a message

— Spreek (@spreekaway) November 23, 2023

Kyber Network's KNC Token price is fluctuating wildly after information that KyberSwap was hacked.

15m chart of KNC/ USDT pair on Binance exchange at 07:55 AM on November 23, 2023

In September last year, KyberSwap was also attacked by hackers by exploiting Front-End interface loopholes and stealing 265,000 USD worth of cryptocurrency.

Disclaimer: The content above is only the author's opinion which does not represent any position of Followin, and is not intended as, and shall not be understood or construed as, investment advice from Followin.
Add to Favorites