KyberSwap Hacked For Nearly $50 Million: There's More to the Story

The latest in a string of DeFi platforms to be exploited, Kyber Network was attacked earlier today, with over $46 million worth of funds stolen.

🚨Urgent🚨

Dear KyberSwap Elastic Users,

We regret to inform you that KyberSwap Elastic has experienced a security incident.

As a precautionary measure, we strongly advise all users to ly withdraw their funds. Our team is diligently investigating the situation, and we…

— Kyber Network (@KyberNetwork) November 22, 2023

Furthermore, unrelated bad actors have apparently begun reaching out to users of the platform attempting to scam users trying to withdraw funds. Kyber Network has since warned its user base of the attempts and advised them to cut off communication with these accounts.

Liquidity Pools As Likely Point Of Entry

Unlike other recent attacks, where attackers gained a foothold via a faulty approval or price manipulation, blockchain expert Spreek believes that the current exploit targeted the exchange’s pools only, and recommended using kyber forks to withdraw funds from the exchange.

“For those asking I’m fairly sure this is NOT an approval related issue and is only related to the TVL held in the kyber pools themselves. I recommend also withdrawing from kyber forks such as Horizondex on Linea until there is more info.”

In fact, a separate X user pointed out that the hacker even left clues as to how he did it – and evidence points towards a manipulation of the exchanges’ perceived TVL.

This message was, funnily enough, followed by an entire string of messages essentially walking viewers through his entire step-by-step process. Therefore, a post-mortem by the exchange’s team will be unnecessary this time.

The hacker later left another message taunting Kyber’s community and stating that negotiations would resume in a few hours once he had finished resting.

Multiple Cryptocurrencies Stolen

The hacker made off with a whole laundry list of different tokens across multiple blockchains.

Nevertheless, the vast majority of stolen tokens took the form of wrapped Ether, spread across the Ethereum, Arbitrum, and Optimism blockchains.

Significant amounts of wrapped BTC – also across multiple blockchains, DAI, USDC, USDT, Arbitrum, and Optimism tokens were also swiped.

The incident sent Kyber Network’s TVL plummeting from $87.14 million to $14.7 million, a far cry from the DEX’s 2021 peak of $545.73 million.

This is not the first time the Kyber Network has been attacked – an unknown attacker made off with about $250k in September of 2022, and a vulnerability affecting liquidity providers was discovered earlier this year.

No funds were lost in the April incident, although the exchange was forced to briefly suspend some functions of the platform until a new smart contract could be deployed.