🔥 Land A High Paying Web3 Job In 90 Days LEARN MORE

KyberSwap DEX loses $48M – Here are the hacker’s demands

In this post:

  • Based on on-chain data, KyberSwap, a decentralized exchange protocol, has been hacked for around $47 million. 
  • The hacker stole Ether, wrapped ether (wETH), USDC, $20 million from Arbitrum, $15 million from Optimism, and $7 million from Ethereum by attacking KyberSwap cross-chain deployments.
  • The hacker has teased that “negotiations will start in a few hours when I am fully rested.” The perpetrator also inquired, “How is Ontario this time of year?”
  • Kyber Network advises users to withdraw their funds while it investigates the situation.

According to on-chain data, the decentralized exchange system KyberSwap looks to have been the victim of a $47 million hack. The funds came through the company’s Elastic Pools liquidity solution.

Funds were abruptly transferred from protocol-associated wallets into a single wallet, as initially reported by X user Spreek.

KyberSwap DEX suffers millions in losses

In the latest decentralized financial hack, around $47 million in various crypto coins appear to have been taken from the decentralized KyberSwap exchange.

The Kyber Network team informed its users on November 23 via an X (Twitter) post that KyberSwap Elastic “has experienced a security incident.”

According to on-chain data, the attacker is mostly stealing funds in Ether, wrapped ether (wETH), and USDC. The attacker also targeted multiple cross-chain KyberSwap deployments, stealing approximately $20 million from Arbitrum, $15 million from Optimism, and $7 million from Ethereum.

As a precaution, the exchange advised users to withdraw their funds while it investigated the situation. On-chain sleuths have ruled out a fault in the DEX’s approval authorization code, implying that the theft is a targeted attack against the liquidity provider pools itself.

See also  How will president Trump handle the SEC case of best friend Elon Musk?

Blockchain sleuths identified the affected and exploiter wallet addresses, which were still operational as of late. According to DeFiLlama, the DEX currently has $22.23 million in total value locked (TVL), down from about $80 million prior to the hack.

The hacker’s demands

The following appeared in a transaction that the perpetrator purportedly sent: “Dear Kyberswap Developers, Employees, DAO members, and LPs, Negotiations will start in a few hours when I am fully rested. Thank you.” In addition, the perpetrator sought out, “How is Ontario this time of year?”

KyberSwap Elastic allows liquidity providers to select their preferred price ranges while automatically compounding their yields.

According to DefiLlama data, KyberSwap’s total value locked (TVL) dropped by 68% in a matter of hours, and about $78 million left the protocol as a result of the attack and user withdrawals. Its TVL is currently $27 million, down from a peak of $134 million in 2023.

According to 0xngmi, a pseudonymous employee at crypto data site DefiLlama, on X said: “I looked into the [transaction] and dont think it’s an approval issue with kyber aggregator, seems like hacker is just draining the kyber [liquidity provider] pools.”

See also  BlackRock doesn't like being compared to MicroStrategy when it comes to Bitcoin

0xngmi adds that the protocol locks in a total of $72 million worth of value. At this time, there appears to be little to no effect on this.

It is becoming progressively more prevalent for hackers to tease their targets by having them sign transactions with lengthy text sequences as part of decentralized finance exploits. 

Adam Cochran, general partner at Cinneamhain Ventures, said on X, “Looks like the Kyber exploits is flash loans and some sort of math/rounding issue. Each [transaction] is starting with an ETH balance coming in, looped mint/redeem/swap.”

The perpetrator of the $200 million breach that targeted Euler Finance returned additional funds to the protocols in early March of this year. In a succession of messages published on the blockchain, the attacker appeared to offer an apology.

In a separate blockchain message, the perpetrator, who is currently identified as Jacob, stated that they had every intention of returning the entire amount of funds to Euler.

A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.

Share link:

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Most read

Loading Most Read articles...

Stay on top of crypto news, get daily updates in your inbox

Editor's choice

Loading Editor's Choice articles...
Subscribe to CryptoPolitan