Home Web3 SecurityCrypto Hacks & Exploits KyberSwap Exploited Loses $45M in a Multi-Chain Exploit

KyberSwap Exploited Loses $45M in a Multi-Chain Exploit

by ImmuneBytes
KyberSwap Exploited Loses $45M in a Multi-Chain Exploit

On Nov 22, 2023, @KyberNetwork reportedly fell victim to a significant security breach.

The exploit, which spanned across several blockchain networks, resulted in the loss of ~ $45 million in various cryptocurrencies.

Ethereum: https://etherscan.io/tx/0x485e08dc2b6a4b3aeadcb89c3d18a37666dc7d9424961a2091d6b3696792f0f3




The reason behind the hack is unknown, but some security researchers believe it involved an attack on the
@KyberNetwork liquidity pools using ‘tick manipulation’ and ‘double liquidity counting.’


Affected Chains and Assets

The exploit impacted multiple chains, including Ethereum, Arbitrum, Optimism, Polygon, and Base.
Among the stolen assets, the hackers drained about $20 million in wrapped Ether (wETH),
$7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB).

The Hacker

The 😈hacker left an on-chain message and said he would soon start negotiations.


It is believed that the hacker could be the same person who was involved in the attack on the $16M Indexed Finance hack on Oct 14, 2021.

This assumption is based on the presence of the same crypto address (involved in the Indexed Finance Hack) in the transaction history of KyberSwap’s operations.

Malicious Contract Used in the Attack: https://etherscan.io/address/0xaf2acf3d4ab78e4c702256d214a3189a874cdc13

Hacker Address: https://etherscan.io/address/0x50275e0b7261559ce1644014d4b78d4aa63be836

The Impact of the Hack

As per @DefiLlama data, KyberSwap’s total value locked (TVL) took a steep dive to touch $8.53M (when writing this) from $87.14M on Nov 21.

The prices of KNC tokens also plunged from $0.7722 to $0.7155 due to the exploit.

This steep dive can be attributed to the massive hack and @KyberNetwork’s advice to users to withdraw funds as a safety measure.

Kyber Network’s Response

Following the incident, Kyber Network swiftly alerted its users via a Twitter post, acknowledging the security breach on their KyberSwap Elastic platform. As a precaution, they advised users to withdraw their funds.

Additionally, this is the specific contract address (0x6131b5fae19ea4f9d964eac0408e4408b66337b5)
to revoke permissions from—for those wishing to take extra measures to safeguard their assets.

Previous Exploits on Kyber Network

Interestingly, the @KyberNetwork team identified another vulnerability in April this year. Even at that time, it had advised users to withdraw liquidity.

Fortunately, no funds were reported lost in that incident.

You may also like