KyberSwap DEX shaken by alleged $47 mln exploit

• The exploit targeted funds within KyberSwap’s Elastic Pools liquidity solution.
• KyberSwap urged all users to promptly withdraw their funds.

A substantial exploit appears to have hit KyberSwap, a decentralized exchange protocol. The hack has resulted in a staggering loss of $47 million.

This exploit, as indicated by on-chain data, targeted funds within KyberSwap’s Elastic Pools liquidity solution.

The protocol’s breach came to light when detecting unexpected and sizable movements of funds, notably from wallets linked to the protocol.

A vigilant user named Spreek on first observed this suspicious activity on X (formerly Twitter).

Kyber being exploited on all chains rn. here's an example tx on base. 20m+ lost already pic.twitter.com/gvv7M9HWH6

— Spreek (@spreekaway) November 22, 2023

The exploited funds include a hefty $20.7 million on Arbitrum [ARB], $15 million on Optimism [OP], $7 million on Ethereum [ETH], $3 million on Polygon [MATIC], and $2 million on Base.

A single wallet was the recipient of these funds. They primarily consisted of various forms of ether, such as wrapped tokens and liquid staking tokens, along with other tokens like Arbitrum and various stablecoins.

Users urged to withdraw funds after security incident

KyberSwap swiftly acknowledged the security incident through a post on X, urging all users to promptly withdraw their funds.

The protocol assured its users that its team was diligently investigating the situation and committed to providing regular updates.

🚨Urgent🚨

Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident.

As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…

— Kyber Network (@KyberNetwork) November 22, 2023

Ominously, the attacker left a message in a transaction, which said:

“Dear Kyberswap Developers, Employees, DAO members, and LPs, Negotiations will start in a few hours when I am fully rested. Thank you.”

This breach has shifted the focus onto KyberSwap Elastic, previously known for enabling liquidity providers to choose preferred price ranges while experiencing automated yield compounding.

Upon scrutinizing the situation, 0xngmi, a pseudonymous employee at crypto data site DefiLlama, clarified that it wasn’t an approval issue with Kyber aggregator. Instead, the hacker seemed to be systematically draining the Kyber liquidity provider pools.

Fortunately, the protocol’s total value locked does not appear to have been impacted. The locked value amounted to $72 million.

The repercussions of this exploit were immediate, with the price of Kyber Network Crystal (KNC) experiencing a sharp decline. It was trading at $0.731 at press time, according to TradingView.

KNC/USDT. Source: Tradingview

Insights from Adam Cochran, a general partner at Cinneamhain Ventures, shed light on the nature of the Kyber exploits. Cochran suggested that flash loans and a math/rounding issue played a role.

He said each transaction starting with an ETH balance led to a looped mint/redeem/swap process.