KyberSwap Exploit: Vulnerability Leads to $48.8 Million Loss
An exploit on KyberSwap occurred on November 22 due to a vulnerability in the tick interval boundaries of its concentrated liquidity pools. This allowed an individual to artificially double the liquidity and drain value, resulting in a loss of $48.8 million.
KyberSwap initially reported that $47 million had been taken, but later confirmed the higher amount. In an effort to negotiate with the hacker, Kyber offered a 10% white hat bounty as a reward for returning the funds. However, the hacker rejected the offer and made other demands, including requesting complete control over the project.
Separately, the Kyber team managed to recover $4.7 million in funds that were drained by third-party MEV bots during the hack.
About the Author
MK Manoylov has been a reporter for The Block since 2020. With a focus on NFTs, metaverse, web3 gaming, funding, crime, hacks, and crypto ecosystem stories, MK has written nearly 1,000 articles for the publication. MK holds a graduate degree from New York University’s Science, Health and Environmental Reporting Program (SHERP) and has also covered health topics for WebMD and Insider.
Hot Take: Security Breach Exposes Vulnerabilities in KyberSwap
A recent security breach at KyberSwap has highlighted vulnerabilities within its concentrated liquidity pools. The exploit resulted in a substantial loss of $48.8 million for the platform. KyberSwap offered a 10% white hat bounty in an attempt to negotiate with the hacker, but the hacker's demands were unreasonable, including a request for complete control over the project.
While KyberSwap managed to recover $4.7 million of the funds taken by third-party MEV bots, this incident emphasizes the need for robust security measures in the crypto industry. It serves as a reminder for platforms and users alike to remain vigilant and implement stringent protocols to safeguard against potential exploits and attacks.