DEX protocol KyberSwap appears to lose $47 million in possible exploit

Security • November 22, 2023, 6:32PM EST
Published 1 minute earlier on
UPDATED: November 22, 2023, 8:33PM EST
the block

Quick Take

  • Unexpected wallet movements suggest KyberSwap has suffered a $47 million exploit.
  • The funds seem to have been drained from liquidity providers.

Decentralized exchange protocol KyberSwap appears to have suffered a $47 million exploit, according to on-chain data. The funds were from its Elastic Pools liquidity solution.

Funds have been unexpectedly moved from wallets associated with the protocol into a single wallet, as first pointed out by a user known as Spreek on X.

The funds include $20.7 million Arbitrum, $15 million on Optimism, $7 million on Ethereum, $3 million on Polygon and $2 million on Base.

A large portion of the funds are denominated in various forms of ether, such as wrapped tokens and liquid staking tokens, as well as other tokens including arbitrum (ARB) and various stablecoins.

KyberSwap warned in a post on X that KyberSwap Elastic experienced a “security incident” and advised all users to promptly withdraw their funds. “Our team is diligently investigating the situation, and we commit to keeping you informed with regular updates.”

A message in a transaction that appears to have been sent by the attacker said, “Dear Kyberswap Developers, Employees, DAO members and LPs, Negotiations will start in a few hours when I am fully rested. Thank you.”

KyberSwap Elastic lets liquidity providers choose their preferred price ranges while seeing their yields automatically compound.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

"I looked into the [transaction] and dont think it's an approval issue with kyber aggregator, seems like hacker is just draining the kyber [liquidity provider] pools," noted 0xngmi, a pseudonymous employee at crypto data site DefiLlama, on X. He added that the total value locked in the protocol is $72 million. This doesn't appear to have been affected.

The price of Kyber Network Crystal KNC +2.66% fell sharply on the news of the possible exploit. Image: The Block's price page.

"Looks like the Kyber exploits is flash loans and some sort of math/rounding issue. Each [transaction] is starting with an ETH balance coming in, looped mint/redeem/swap," noted Adam Cochran, general partner at Cinneamhain Ventures, on X.

We have reached out to Kyber Network for comment.

The article has been updated with more details.


Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Tim is the Editor-In-Chief of The Block. Prior to joining The Block, Tim was a news editor at Decrypt. He has earned a bachelor's degree in philosophy from the University of York and studied news journalism at Press Association Training. Follow him on X @Timccopeland.

Editor

To contact the editor of this story:
Timmy Shen at
[email protected]

More by Tim Copeland