Multi-Chain DEX KyberSwap Loses $265k In Latest DeFi Exploit
Mark Brennan - The Crypto Basic
KyberSwap front-end compromised in $265k exploit.
Kyber Network, a decentralized finance (DeFi) liquidity hub behind the multi-chain decentralized exchange (DEX) KyberSwap, in a Twitter thread on Thursday, disclosed that it has identified and neutralized an attack on the KyberSwap front-end.
However, about $265k was stolen from two whale addresses before the team resolved the issue. While the platform assures that the problem has been resolved, it has urged customers to exercise caution and revoke any malicious approvals, leaving instructions in a medium blog post.
“We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated… USD$265K of user funds were lost, with 2 affected addresses, and users will be compensated. It appears the attacker was targeting whale wallets,” Kyber Network notes in the thread on Twitter.
Kyber Network reveals that its team resolved the exploit within two hours after it observed suspicious elements in KyberSwap’s front end. Additionally, the liquidity hub discloses that the source of the exploit was malicious code in its Google Tab Manager (GTM). Notably, Kyber Network reveals that it has been able to track down the addresses associated with the hacker, including an OpenSea account.
The liquidity hub warns other DeFi platforms to thoroughly investigate their GTM as the hacker may have targeted multiple platforms.
In a message to the attacker, the platform notes that it is in contact with various exchanges, taking steps to ensure that the hacker will not be able to cash out on the stolen funds without revealing their identity. In addition, Kyber Network has offered the hacker 15% of the stolen funds as a bug bounty reward in return for returning the funds and speaking with the team.
It bears mentioning that this year has been rife with crypto hacks. For example, Chainalysis, in its mid-year crypto crime update, reveals that $1.9 billion has been lost in the first six months of 2022 compared to $1.2 billion within the same period in 2021.
Most recently, The Crypto Basic reported that about $5 million in crypto assets were lost in a Solana wallet drain linked to a possible Slope wallet exploit.
View full text