On Nov 22, 2023, @KyberNetwork reportedly fell victim to a significant security breach.
The exploit, which spanned across several blockchain networks, resulted in the loss of ~ $45 million in various cryptocurrencies.
Ethereum: https://etherscan.io/tx/0x485e08dc2b6a4b3aeadcb89c3d18a37666dc7d9424961a2091d6b3696792f0f3
Arbitrum:
https://arbiscan.io//tx/0xcea8599b8b82d5c17739fda9fe69a3e19a1613405929b3e191118681b702fc6a
Polygon:
https://polygonscan.com/tx/0xb58c81460ef0167f492fb4900e9da60cc6fa1117bd5b67b2100bb5b5e5df8b0c
Optimism:
https://optimistic.etherscan.io/tx/0xdaa80d75d872bf2513c09c76d81db54d9ddcfd06d4230e65e3bf8d87d2758db2
The reason behind the hack is unknown, but some security researchers believe it involved an attack on the
@KyberNetwork liquidity pools using ‘tick manipulation’ and ‘double liquidity counting.’
https://etherscan.io/tx/0x396a83df7361519416a6dc960d394e689dd0f158095cbc6a6c387640716f5475
Affected Chains and Assets
Table of Contents
The exploit impacted multiple chains, including Ethereum, Arbitrum, Optimism, Polygon, and Base.
Among the stolen assets, the hackers drained about $20 million in wrapped Ether (wETH),
$7 million in wrapped Lido-staked Ether (wstETH), and $4 million in Arbitrum (ARB).
The Hacker
The 😈hacker left an on-chain message and said he would soon start negotiations.
Ref:
https://etherscan.io/tx/0x7a8912583520304ce2364fa165dafe94461a91ab2dcf45dab942e296594dc40a
It is believed that the hacker could be the same person who was involved in the attack on the $16M Indexed Finance hack on Oct 14, 2021.
This assumption is based on the presence of the same crypto address (involved in the Indexed Finance Hack) in the transaction history of KyberSwap’s operations.
Malicious Contract Used in the Attack: https://etherscan.io/address/0xaf2acf3d4ab78e4c702256d214a3189a874cdc13
Hacker Address: https://etherscan.io/address/0x50275e0b7261559ce1644014d4b78d4aa63be836
The Impact of the Hack
As per @DefiLlama data, KyberSwap’s total value locked (TVL) took a steep dive to touch $8.53M (when writing this) from $87.14M on Nov 21.
The prices of KNC tokens also plunged from $0.7722 to $0.7155 due to the exploit.
This steep dive can be attributed to the massive hack and @KyberNetwork’s advice to users to withdraw funds as a safety measure.
Kyber Network’s Response
Following the incident, Kyber Network swiftly alerted its users via a Twitter post, acknowledging the security breach on their KyberSwap Elastic platform. As a precaution, they advised users to withdraw their funds.
Additionally, this is the specific contract address (0x6131b5fae19ea4f9d964eac0408e4408b66337b5)
to revoke permissions from—for those wishing to take extra measures to safeguard their assets.
Previous Exploits on Kyber Network
Interestingly, the @KyberNetwork team identified another vulnerability in April this year. Even at that time, it had advised users to withdraw liquidity.
Fortunately, no funds were reported lost in that incident.