KyberSwap DEX Suffers $46M Exploit, Hackers Suggest Negotiations

Nov. 23, 2023
KyberSwap DEX Suffers $46M Exploit, Hackers Suggest Negotiations

KyberSwap, a decentralized exchange (DEX), has fallen victim to a significant exploit, resulting in the loss of approximately $46 million in various crypto assets. The incident, which raised concerns among users about the security of their assets, was reported by Kyber Network on Nov. 23.

The team said the attack targeted KyberSwap Elastic, its auto yield-compounding liquidity markets. The exchange urged users to withdraw their funds as a precaution and added that its team was investigating the situation.

Blockchain analysts identified the affected wallet addresses, which remained active at the time of discovery. According to Debank data, the drained assets comprised around $4 million in Arbitrum (ARB), $7 million in wrapped Lido-staked Ether (wstETH), and $20 million in Wrapped Ether (wETH). The attacker had moved the stolen funds across multiple chains, including Polygon, Base, Ethereum, Arbitrum, and Optimism.

The company said KyberSwap‚Äôs aggregator is ‚Äúnot impacted‚ÄĚ and is ‚Äúoperating fully as normal.‚ÄĚ Meanwhile, Kyber Network reminds investors of potential scams and not to click any suspicious links or reply to direct messages.

DefiLlama data reveals that KyberSwap’s total value locked (TVL) plummeted by 70% within a few hours. Nearly $78 million left the protocol due to the attack and user withdrawal. As a result, the company’s current TVL is $14 million, down from about $80 million prior to the hack.

In an X post, blockchain sleuth Spreek ruled out the possibility of an attack related to a bug in DEX’s authorization code. Instead, they suggested that it was a direct attack on liquidity provider pools.

Kyber Network Crystal (KNC) tokens briefly dropped 7% when news of the exploit came out but have since recovered to trade at $0.74.

The Hacker’s Response

The attacker has also left an on-chain message, suggesting potential negotiations.

The message read:

‚ÄúDear Kyberswap Developers, Employees, DAO members, and LPs, Negotiations will start in a few hours when I am fully rested. Thank you.‚ÄĚ

Recently, hackers have been actively exploiting exchanges for financial gains. On Nov. 22, hackers stole $97 million worth of digital tokens from the crypto exchange HTX and the blockchain protocol Heco Chain. Earlier on Nov. 19, a breach occurred at Kronos Research, resulting in the theft of $26 million.

Syed Ali Haider

Researcher & Editor
Ali Haider is a Blockchain enthusiast and writer passionate about enhancing the acceptance, adoption, and integration of Blockchain technology worldwide. He has also advocated for digital freedom and cybersecurity for many years.