Decentralized exchange (DEX) KyberSwap was attacked by hackers in its liquidation group in the early morning of November 23 and took about 47 million USD. Initial suspicions were that it was a Flash Loan Attack (flashloan hack ).
According to information, this protocol's Elastic liquidation pools were siphoned off by hackers with an estimated value of 47 million USD, on many blockchains supported by KyberSwap to open liquidation, including Ethereum, Arbitrum, Optimism, Base, Polygon ,…
current total is 47m. possibly more chains still to follow idk pic.twitter.com/FtV7Ol1HE7
— Spreek (@spreekaway) November 22, 2023
Notably, the bulk of the funds taken were in the form of ETH liquidation lock and Liquid Staking Token , as pointed out by Hsaka's account.
kyber exploiter wallet
— Hsaka (@HsakaTrades) November 22, 2023
you look at all the various wrappers, prefixes, suffixes of the same Token, ETH, and realize, yeah, eventually all this is going to have to be abstracted for the common user pic.twitter.com/Hvcjq54zxy
However, the hacker seems to have forgotten about the pool on Scroll as there is still 5 million USD in assets left untouched.
Hacker hasn't drained on Scroll Yet, just created contract.
— Wazz (@WazzCrypto) November 22, 2023
$5M can still be saved https://t.co/fNPpYgGzrT pic.twitter.com/Jd7G17xBmt
Initial analysis shows that only KyberSwap's liquidation pools were attacked via flashloan , so users did not need to revoke access previously granted to Kyber.
Kyber Network has confirmed the incident and requested users to withdraw all funds to prevent other potential vulnerabilities.
— Kyber Network (@KyberNetwork) November 22, 2023
Urgent
Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident.
As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…
According to data from defillama, Kyber's DeFi products, or TVL of 86 million USD, has decreased to 27 million USD at the time of writing, when users massively withdrew money.
The community also pointed out the hacker's "audacity" when both making withdrawal transactions and leaving instructions describing his actions.
DONEEEEEEEEEEE pic.twitter.com/0R1JGjfcHp
— Fudzy (@fozzydiablo) November 23, 2023
Not stopping there, he also sent a message to the Kyber team, declaring that he was willing to negotiate to return the money, but had to wait "until he has fully rested".
Hacker reaches out with a message pic.twitter.com/KTwoMOzzKT
— Spreek (@spreekaway) November 23, 2023
Kyber Network's KNC Token price is fluctuating wildly after information that KyberSwap was hacked.
In September last year, KyberSwap was also attacked by hackers by exploiting Front-End interface loopholes and stealing 265,000 USD worth of cryptocurrency.
