Doug Colkitt, founder of Ambient Exchange, has revealed that the thief who stole $46 million from KyberSwap used a sophisticated smart contract exploit known as an "infinite money glitch." The attacker exploited KyberSwap's concentrated liquidity feature, tricking the contract into thinking it had more liquidity than it actually did. This exploit is unique to Kyber's implementation of concentrated liquidity and is unlikely to work on other decentralized exchanges. Despite the presence of a failsafe mechanism, the attacker was able to execute a carefully engineered smart contract exploit by setting the swap quantity just below the upper bound for reaching the tick boundary. The attacker has expressed a willingness to negotiate the return of some of the stolen funds.
All Comments