- Decentralized trade (DEX) protocol KyberSwap has been hacked for $47 million.
- The attacker drained $20 million in WETH, $4 million ARB and $7 million wstETH.
- KNC value fell to $0.72 whereas TVL plunged to $13.6 million.
DEX platform KyberSwap has been hacked, with roughly $47 million price of crypto belongings drained from its liquidity swimming pools.
It’s the newest assault within the crypto trade, with this coming only a day after HTX’s HECO chain bridge suffered an $86 million exploit.
KyberSwap exploited – what occurred?
KyberSwap alerted its customers to the exploit early Thursday, advising that clients withdraw their funds as a precaution.
🚨Pressing🚨
Expensive KyberSwap Elastic Customers,
We remorse to tell you that KyberSwap Elastic has skilled a safety incident.As a precautionary measure, we strongly advise all customers to promptly withdraw their funds. Our workforce is diligently investigating the state of affairs, and we…
— Kyber Community (@KyberNetwork) November 22, 2023
Nevertheless, whereas it acknowledged the safety incident, KyberSwap mentioned the exploit didn’t affect its aggregator, which was reportedly “working absolutely as regular.”
In keeping with Sensible Contract and EVM chain audit platform BlockSec, the KyberSwap exploit was “on account of tick manipulation and double liquidity counting.” The on-chain safety mentioned in a submit on X that this was a flash mortgage assault, with the hacker executing swaps and manipulating costs and ticks of focused liquidity swimming pools.
“Finally, the attacker triggered a number of swap steps and cross tick operations, leading to double liquidity counting and consequently draining the swimming pools,” BlockSec famous.
Stolen funds embrace $20 million in wrapped Ether (wETH), $4 million in Arbitrum (ARB) and $7 million in wrapped Lido-staked Ether (wstETH). The belongings are unfold throughout Ethereum, Arbitrum, Optimism, Polygon, and Base.
KyberSwap’s complete worth locked (TVL) fell sharply after the assault, with information from DeFiLlama displaying $13.61 million – down from over $83 million earlier than the exploit. The Kyber Community Crystal (KNC) token was down 3.1% on the time of writing, buying and selling close to $0.722.