Decentralized Exchange KyberSwap Falls Victim to Security Breach
KyberSwap, a decentralized exchange (DEX) aggregator and liquidity protocol that plays a key role in the Kyber Network’s liquidity hub, recently experienced a targeted security breach. The breach resulted in the theft of approximately $54.7 million, according to reports from the SlowMist Security Team. Now, more than a week after the initial attack, the hacker has made bold demands.
Exploiting a Critical Vulnerability
The attacker executed a meticulously planned attack by borrowing 2000 Wrapped Ether (WETH) through a flash loan from the AAVE protocol. They then conducted a swap for frax Ether (frxETH) in the KyberSwap pool, intentionally manipulating the price to exceed liquidity providers’ positions. By strategically controlling liquidity amounts and performing various swaps, the attacker managed to profit from this manipulation.
Flaw in Liquidity Management System
The root cause of the attack was a miscalculation of token amounts for exchanges based on current and boundary tick prices. Due to KyberSwap Elastic’s Reinvestment Curve, excess liquidity was inadvertently created, resulting in a larger calculated amount than expected. This flaw allowed the attacker to obtain more tokens than initially anticipated.
Hacker’s Demands
In an unexpected turn of events, the hacker issued demands that included complete executive control over KyberSwap, temporary ownership of the governance mechanism (KyberDAO), and surrender of all assets. The hacker promised to buy out executives at a fair valuation, double employee salaries, and provide severance packages for employees who choose to leave. They also pledged to transform Kyber into a new crypto project and compensate LP participants for their recent market-making losses.
Uncertain Future for KyberSwap
The protocol’s leaders are currently grappling with the situation and the urgent need to address the hacker’s demands within a tight timeframe. As of now, there has been no official response to the hacker.
Hot Take: KyberSwap Faces Unprecedented Challenges Following Security Breach
KyberSwap, a decentralized exchange and liquidity protocol, recently fell victim to a targeted security breach resulting in a significant loss of funds. The attacker exploited a critical vulnerability in the liquidity management system, manipulating token prices to their advantage. Now, the hacker has issued audacious demands, including full control over KyberSwap and its assets. The future of KyberSwap hangs in the balance as its leaders grapple with this unprecedented situation. It remains to be seen how they will respond and whether they can meet the hacker’s demands within the given timeframe. This incident highlights the ongoing challenges faced by decentralized exchanges in terms of security and governance.
By
By
By
By
By