KyberSwap DEX Suffers $46M Exploit, Hackers Suggest Negotiations

KyberSwap, a decentralized exchange (DEX), has fallen victim to a significant exploit, resulting in the loss of approximately $46 million in various crypto assets. The incident, which raised concerns among users about the security of their assets, was reported by Kyber Network on Nov. 23.

The team said the attack targeted KyberSwap Elastic, its auto yield-compounding liquidity markets. The exchange urged users to withdraw their funds as a precaution and added that its team was investigating the situation.

🚨Urgent🚨

Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident.

As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…

— Kyber Network (@KyberNetwork) November 22, 2023

Blockchain analysts identified the affected wallet addresses, which remained active at the time of discovery. According to Debank data, the drained assets comprised around $4 million in Arbitrum (ARB), $7 million in wrapped Lido-staked Ether (wstETH), and $20 million in Wrapped Ether (wETH). The attacker had moved the stolen funds across multiple chains, including Polygon, Base, Ethereum, Arbitrum, and Optimism.

Kyberswap is being drained, several sources report.

If you have assets, withdraw pic.twitter.com/Y5ooYYzcTd

— olimpio (@OlimpioCrypto) November 22, 2023

The company said KyberSwap’s aggregator is “not impacted” and is “operating fully as normal.” Meanwhile, Kyber Network reminds investors of potential scams and not to click any suspicious links or reply to direct messages.

DefiLlama data reveals that KyberSwap’s total value locked (TVL) plummeted by 70% within a few hours. Nearly $78 million left the protocol due to the attack and user withdrawal. As a result, the company’s current TVL is $14 million, down from about $80 million prior to the hack.

In an X post, blockchain sleuth Spreek ruled out the possibility of an attack related to a bug in DEX’s authorization code. Instead, they suggested that it was a direct attack on liquidity provider pools.

Kyber Network Crystal (KNC) tokens briefly dropped 7% when news of the exploit came out but have since recovered to trade at $0.74.

The Hacker’s Response

The attacker has also left an on-chain message, suggesting potential negotiations.

The message read:

“Dear Kyberswap Developers, Employees, DAO members, and LPs, Negotiations will start in a few hours when I am fully rested. Thank you.”

Recently, hackers have been actively exploiting exchanges for financial gains. On Nov. 22, hackers stole $97 million worth of digital tokens from the crypto exchange HTX and the blockchain protocol Heco Chain. Earlier on Nov. 19, a breach occurred at Kronos Research, resulting in the theft of $26 million.