- Decentralized exchange KyberSwap has lost close to $50 million in a hack
- The exchange has asked users to withdraw funds to avoid further losses
- The hacker has alluded to a possible return of some or all of the funds
Decentralized exchange KyberSwap has asked users to withdraw funds to avoid further losses after the platform lost nearly $50 million in a hack. The platform said that it’s investigating the “security incident,” with some blockchain sleuths noting that the attacker targeted recently active wallets. The attacker has indicated that he’s ready for negotiations once he’s “fully rested,” a sign that he may be open to a bounty reward in return for a portion of the funds, a move that has been common with hackers in the web3 space.
Kyber’s TVL Drops to $22 Million
According to blockchain investigators, the stolen funds consisted of different cryptocurrencies and wrapped tokens such as Wrapped Ether (wETH) and Arbitrum (ARB).
🚨Urgent🚨
Dear KyberSwap Elastic Users,
We regret to inform you that KyberSwap Elastic has experienced a security incident. As a precautionary measure, we strongly advise all users to promptly withdraw their funds. Our team is diligently investigating the situation, and we…
— Kyber Network (@KyberNetwork) November 22, 2023
Some on-chain sleuths have speculated that the exploit targeted funds locked in the platform’s pools, adding that it wasn’t related to Kyber users approving malicious smart contracts.
for those asking im fairly sure this is NOT an approval related issue and is only related to the TVL held in the kyber pools themselves.
— Spreek (@spreekaway) November 22, 2023
Data from DefiLlama indicated that users withdrew funds from the platform following the exploit, causing its total value locked (TVL) to shrink by close to 70%. Kyber’s TVL stands at $22 million, down from around $80 million a few days ago. The protocol’s token, KNC, also lost 7% in value due to the hack.
Kyber Network clarified that the incident only affected KyberSwap Elastic Users and that “KyberSwap’s aggregator is not impacted and is operating fully.”
KyberSwap’s aggregator is not impacted and is operating fully as normal.
— Kyber Network (@KyberNetwork) November 23, 2023
In April, the protocol disclosed that it had “identified a potential vulnerability” but said that no funds were lost.
1/2
Attention KyberSwap Elastic Liquidity Providers:
We have identified a potential vulnerability, and as a precaution we strongly advise all Liquidity Providers to withdraw your funds on Elastic as soon as possible. Investigations are ongoing and no user funds are lost.
— Kyber Network (@KyberNetwork) April 17, 2023
Previous Hackers Unmasked
The hack comes a year after the platform lost $265,000 in an incident that exploited the protocol’s Google Tag Manager.
At the time, the now ex-Binance CEO Changpeng Zhao said that they identified the malicious actors and shared their details with the Kyber team and law enforcement agencies.
With the attacker expressing willingness to negotiate with the Kyber team, it remains to be seen whether the Kyber team is open to such negotiations.