- The KyberSwap hacker has been seen moving funds linked to the Herencia Artifex NFT project
- The movement of funds was first reported by on-chain security platform Cyvers
- The actions come a day after the expiry of the December 10 deadline the hacker had given the KyberSwap team
A day after the KyberSwap hacker’s deadline expired for the Kyber team to agree to his demands to take over the company, the malicious actor has been spotted moving funds belonging to another web3 project. According to on-chain security platform Cyvers, the actor transferred roughly $50 million in HAX, the native token of the Herencia Artifex NFT protocol. Some crypto exchanges, such as MEXC Global, have halted withdrawals of the token, citing abnormal coin activities, a step that can help reduce losses if the movement turns out to be a hack.
“Transfer From” Function has a Weakness
Cyvers disclosed that the KyberSwap exploiter used the “transfer from” function that’s commonly used in the DeFi world. However, according to the blockchain firm, the function’s usage sometimes enables malicious actors to siphon funds from a project.
🚨ALERT🚨Our system has detected an abnormal transaction related to the @KyberNetwork exploiter.
The address funded by the @KyberNetwork exploiter has received $50M worth of $HXA from the 0x0..000dEaD $ETH address using transferfrom function! 🤯
Address: https://t.co/byZyFaorNA.…
— 🚨 Cyvers Alerts 🚨 (@CyversAlerts) December 8, 2023
The blockchain security platform believes that the exploiter exploited a weakness in how the HAX smart contract handles the function. It added that the stolen tokens are held in multiple external wallets.
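The alert above reports tokens arriving from the 0x0..000dEaD address through the transfer-from function. As an added example (not code from Cyvers or the project), the Python below decodes ERC-20 Transfer event logs and flags any whose sender is the burn address; the full burn address, the sample logs and every address and hash in them are constructed assumptions.

```python
TRANSFER_TOPIC = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"
APPROVAL_TOPIC = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"
# Assumption: the alert's "0x0..000dEaD" is the conventional burn address.
BURN = "0x000000000000000000000000000000000000dead"

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    raw = topic.lower().replace("0x", "", 1)
    if len(raw) != 64 or int(raw[:24], 16) != 0:
        raise ValueError("topic is not a zero-padded address")
    return "0x" + raw[24:]

def decode_transfer(log):
    """Return (sender, recipient, value), or None if not an ERC-20 Transfer."""
    topics = log.get("topics", [])
    if len(topics) != 3 or topics[0].lower() != TRANSFER_TOPIC:
        return None  # other events; an ERC-721 Transfer carries 4 topics
    data = log.get("data") or "0x"
    value = int(data, 16) if data != "0x" else 0
    return topic_to_address(topics[1]), topic_to_address(topics[2]), value

def burn_outflows(logs):
    """Flag transfers sent *from* the burn address. No key holder is known for
    it, so it cannot have signed a transfer or an approval itself."""
    alerts = []
    for log in logs:
        decoded = decode_transfer(log)
        if decoded and decoded[0] == BURN and decoded[2] > 0:
            alerts.append({"tx": log["transactionHash"], "token": log["address"],
                           "to": decoded[1], "value": decoded[2]})
    return alerts

# Constructed sample logs (placeholder addresses and hashes, not real chain data).
def pad(addr):
    return "0x" + "0" * 24 + addr[2:]
TOKEN, ALICE, BOB = "0x" + "aa" * 20, "0x" + "11" * 20, "0x" + "22" * 20
SAMPLE_LOGS = [
    {"address": TOKEN, "transactionHash": "0x01", "data": hex(500),
     "topics": [TRANSFER_TOPIC, pad(ALICE), pad(BOB)]},   # ordinary transfer
    {"address": TOKEN, "transactionHash": "0x02", "data": hex(900),
     "topics": [TRANSFER_TOPIC, pad(ALICE), pad(BURN)]},  # burn: expected
    {"address": TOKEN, "transactionHash": "0x03", "data": hex(10**24),
     "topics": [TRANSFER_TOPIC, pad(BURN), pad(BOB)]},    # burn outflow: flagged
    {"address": TOKEN, "transactionHash": "0x04", "data": hex(1),
     "topics": [APPROVAL_TOPIC, pad(BURN), pad(BOB)]},    # Approval, not Transfer
]

if __name__ == "__main__":
    print(burn_outflows(SAMPLE_LOGS))
```

A flagged event is a prompt to review the token contract's transfer logic, since the burn address itself cannot have authorised the movement.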
A website associated with the NFT project was also down, although it’s unclear whether the two incidents are related.
KyberSwap Exploiter’s Deadline Reached
The hacker’s actions come barely two weeks after he siphoned over $45 million from decentralized exchange KyberSwap. They also come a few days after the KyberSwap exploiter revealed that he’ll return the stolen funds only after the KyberSwap team relinquishes control of the Kyber company to him, on or before December 10.
The malicious actor’s need to keep the loot runs counter to a report indicating that DeFi hackers prefer taking a bounty instead of the entire loot to avoid attracting the attention of law enforcement agencies.
Although the NFT project is yet to comment on the security incident, it remains to be seen whether the hacker will make outrageous demands before returning the funds.