Cointime

KyberSwap

KyberSwap loses $46M to "infinite money glitch" exploit on concentrated liquidity feature

Doug Colkitt, founder of Ambient Exchange, has revealed that the thief who stole $46 million from KyberSwap used a sophisticated smart contract exploit known as an "infinite money glitch." The attacker exploited KyberSwap's concentrated liquidity feature, tricking the contract into thinking it had more liquidity than it actually did. This exploit is unique to Kyber's implementation of concentrated liquidity and is unlikely to work on other decentralized exchanges. Despite the presence of a failsafe mechanism, the attacker was able to execute a carefully engineered smart contract exploit by setting the swap quantity just below the upper bound for reaching the tick boundary. The attacker has expressed a willingness to negotiate the return of some of the stolen funds.

KyberSwap attackers are now in talks with contact teams

Cyvers Alerts stated on the X platform that they have contacted the team for negotiations regarding the hacker targeting KyberSwap after a break.

BlockSec: KyberSwap hacked due to price movement manipulation and double liquidity counting

BlockSec stated on social media that KyberSwap was attacked due to price manipulation and double liquidity counting. The attacker borrowed a flash loan and depleted the lower liquidity pool. By executing swaps and changing positions, they manipulated the current price and price movements of the victim pool. Ultimately, the attacker triggered multiple exchange steps and cross-quoting operations, resulting in double liquidity counting and depleting the liquidity pool.

Scroll: Investigating potential issues with Kyber deployments on Scroll

Scroll, a layer-2 network on Ethereum based on ZK Rollup, is investigating potential issues with Kyber deployments on Scroll. It is not yet known what has happened, but everyone is advised to exercise extreme caution.

KyberSwap was attacked on multiple networks and the loss amounted to US$48.3 million

According to Spot On Chain, KyberSwap has been attacked on multiple networks, including Arbitrum, Optimism, Ethereum, Polygon, and Base. The losses amount to $48.3 million, primarily including 16,217 ETH (worth $33.5 million), 3,987,332 ARB (worth $4.06 million), 591,441 OP (worth $1.03 million), and 1,111,926 DAI.

KyberSwap attacker: Negotiations will begin in a few hours when I am fully rested

The KyberSwap attacker left an on-chain message saying, "Dear Kyberswap developers, employees, DAO members, and LPs, negotiations will begin in a few hours when I am fully rested."

Kyber Network: Users are advised to withdraw funds from KyberSwap Elastic immediately. The team is investigating the incident.

On November 23, Kyber Network officially stated that KyberSwap Elastic users experienced a security incident. As a precaution, it strongly recommends that all users withdraw their funds immediately. The Kyber Network team is investigating this situation seriously and promises to keep users informed through regular updates.

KyberSwap may have been attacked and a total of approximately $47 million was stolen

DEX aggregator and liquidity platform KyberSwap has experienced abnormally large withdrawals on multiple chains and is suspected to be the victim of an attack, with a total stolen amount of approximately $47 million.