Key Takeaways
- The firm urged users to withdraw their funds as a precautionary measure.
- KyberSwap’s TVL witnessed a major drop of 68% within a few hours of the attack.
In the latest decentralized finance (DeFi) exploit, KyberSwap Elastic, a decentralized exchange (DEX) under Kyber Network, faced a security incident resulting in the loss of approximately $46 million in various crypto assets.
The Kyber Network team promptly notified users on November 23 through a Twitter post, urging them to withdraw their funds as a precautionary measure. The team assured users that an investigation into the incident was underway.
Blockchain analysts uncovered the affected wallet addresses, revealing that the attacker had moved the stolen funds across multiple chains, including Arbitrum, Optimism, Ethereum, Polygon, and Base.
Notably, the drained assets comprised around $20 million in Wrapped Ether (wETH), $7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB).
According to Debank data, KyberSwap’s total value locked (TVL) witnessed a significant drop of 68% within a few hours of the attack, with nearly $78 million leaving the protocol due to the hack and subsequent user withdrawals. As a result, KyberSwap’s current TVL stands at $27 million, down from its 2023 peak of $134 million.
On-chain sleuths dismissed the possibility of the attack being related to a bug in the DEX’s approval authorization code. Instead, they suggested that the exploit was a directed attack against the liquidity provider pools themselves.
The attacker left an on-chain message for protocol developers and DAO members, hinting that negotiations would commence shortly.
This incident follows a trend in DeFi exploits where attackers use signed transactions to communicate messages. The Kyber Network Crystal (KNC) token briefly dipped 7% in price when news of the exploit surfaced but has since recovered.
It’s worth noting that Kyber Network had previously identified a potential vulnerability in its exchange contracts in April. While users were advised to withdraw liquidity at that time, no funds were lost in that particular incident.