Bitget App
Trade smarter
Buy cryptoMarketsTradeFuturesCopyBotsEarn
KyberSwap Attacker Taunts Protocol With Step-By-Step Guide

KyberSwap Attacker Taunts Protocol With Step-By-Step Guide

DailycoinDailycoin2023/11/23 15:12
By:Dailycoin
  • The attacker mocks the KyberSwap team and community.
  • DeFi exploits are so commonplace that they are now an expected occurrence.
  • The attack vector relates to a flash loan exploit

Decentralized finance (DeFi) protocols have long struggled with security vulnerabilities and exploits by savvy attackers, greatly hindering mainstream adoption and acceptance. Despite rapid growth and innovative development in DeFi, harmful hacking incidents continue at an alarming rate.

KyberSwap DEX, an Ethereum-based multi-chain platform is the latest to fall victim to an attack, losing an estimated $47 million through a flash loan exploit. Adding insult to injury, the hacker brazenly posted on-chain messages detailing his walkthrough of the attack method, taunting the KyberSwap developers.

KyberSwap Attacker

Not content with heisting funds, the hacker brazenly posted on-chain messages detailing his step-by-step explainer on how to manipulate the protocol and exploit the code. 𝕏 account “Madotsuki.eth” joked that the hacker’s messages give security experts inside knowledge on “how not to build your contract.”  

hacker takes you step by step through the process lmao https://t.co/eboTav2Voo pic.twitter.com/kynwt3rTO0

— Fudzy (@fozzydiablo) November 22, 2023

After completing the attack, the hacker further taunted the protocol developers and community in a final message that laid out his intention to negotiate after taking a short rest, suggesting that the attacker may return the stolen funds and/or is angling for a whitehat bounty reward and immunity from prosecution. 

Here’s what the Kyberswap hacker had to say! pic.twitter.com/wOEXMdpsBq

— Smol News (@NewsInSmol) November 23, 2023

Security auditor Hacken estimates that losses total approximately $47 million, with Ethereum-compatible chains Arbitrum, Optimism, Kyber, Polygon, and Base affected, losing $20 million, $15 million, $7.5 million, $2 million, and $315k, respectively as a result of the flash loan exploit. 

Flash Loan Exploit

According to investigations by crypto audit firm BlockSec, the hacker exploited vulnerabilities in KyberSwap’s liquidity mechanisms through a flash loan. A flash loan is a type of loan where the borrower does not have to provide collateral upfront but returns the borrowed assets within the same block transaction. 

Using a flash loan, the attacker systematically manipulated price ticks and asset swap behavior across pools. This process resulted in double liquidity counting, subsequently enabling the withdrawal of funds from affected liquidity pools.  

On the Flipside

  • Ethereum is the most vulnerable chain , suffering a total of 71 DeFi hacks to date.
  • The KyberSwap DEX is deployed on 15 chains , including Ethereum , BNB Chain, Fantom, and Cronos.
  • The humorous reactions to the hacker’s on-chain messages highlight the degree to which the crypto community has become desensitized to DeFi hacks. 

Why This Matters

The KyberSwap exploit further shakes faith in DeFi protocols, underscoring that vulnerabilities still exist. Without shoring up these vulnerabilities, mainstream acceptance of DeFi remains severely compromised.

The total value locked in DeFi protocols is on the rise, read more here:
DeFi TVL Up 34% in a Month Suggesting Crypto Winter Thawing

Find out more on FTT’s rise as the crypto industry contends with the DoJ’s investigation of Binance here:
FTX’s FTT Token Jumps 37% as DoJ Drops Hammer on Binance

0

Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.

PoolX: Locked for new tokens.
APR up to 10%. Always on, always get airdrop.
Lock now!

You may also like

Solv to launch ‘onchain MicroStrategy’

Cointelegraph2024/11/30 19:44

SEC Sues a Cryptocurrency Company for More Than $100 Million in Alleged Fraud

The SEC has filed a lawsuit against a cryptocurrency company for allegedly committing a $115 million fraud, according to the latest information.

Bitcoinsistemi2024/11/30 17:00