The “Infinite Money Glitch” Exploit: How the KyberSwap Attack Happened
An attacker drained roughly $46 million from KyberSwap with a carefully constructed smart contract exploit, according to Ambient exchange founder Doug Colkitt. The exploit, which Colkitt called an “infinite money glitch,” abused KyberSwap’s concentrated liquidity feature: by tricking the pool contract into accounting for more liquidity than it actually held, the attacker was able to withdraw funds the pool had no business paying out.
Understanding the Exploit
Many decentralized exchanges offer concentrated liquidity, which lets liquidity providers commit their capital to a chosen price range instead of quoting at every possible price. Colkitt stressed, however, that this particular exploit depended on KyberSwap’s own implementation and is not expected to work on other DEXs. The attacker went through KyberSwap pool by pool, repeating essentially the same sequence of steps against each one.
The Attack Process
In one example, the attacker borrowed 10,000 wstETH (worth about $23 million) from Aave and dumped $6.7 million worth of tokens into the ETH/wstETH pool. This collapsed the pool’s price into a range where no liquidity provider had positioned any funds, so there was effectively zero active liquidity at the new price. The attacker then deposited a tiny position of 3.4 wstETH, offering to buy or sell only within a narrow price range, which made them the sole liquidity provider at that price. Immediately after the deposit they withdrew 0.56 wstETH, presumably to set up the precise numerical values the following steps depended on.
The attacker then performed two more swaps, pushing the price up and then back down. Because the attacker was the only liquidity provider in that range, the two swaps should have netted out to nothing: they were trading against their own funds. But an arithmetic quirk in the protocol’s tick accounting meant the first swap did not remove the attacker’s liquidity when the price left the range, and the second swap added it again when the price came back in, so the pool now counted that liquidity twice. Trading against this phantom liquidity, the attacker received 3,911 wstETH for a minimal amount of ETH.
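The failure mode above (liquidity not removed when the price leaves a range, then added again when it returns) is easy to model. The following Python is an added example constructed for this article; it is not KyberSwap’s code, the range bounds and liquidity figures are made up, and the rounding residue that lets a swap step land just past a range boundary is injected explicitly through a `slip` parameter rather than arising from fixed-point sqrt-price arithmetic as it would in a real pool. It tracks sqrt price the way Uniswap-v3-style pools do, replays the attacker’s up-then-down self-trade against a fixed pool and a buggy one, and runs the two invariant checks a reviewer would want after such a round trip: active liquidity must equal the liquidity actually positioned at the current price, and a self-trade that returns to the starting price must be token-neutral.

```python
# Added example (not KyberSwap's code): a toy concentrated-liquidity pool that
# reproduces the failure mode described above. The rounding residue that let
# a swap step land just past a range boundary is injected explicitly through
# `slip`; in a real pool it would come from fixed-point sqrt-price arithmetic.
from dataclasses import dataclass
from fractions import Fraction as F


@dataclass(frozen=True)
class Range:
    """One LP position: liquidity L is active while lo <= sqrtP < hi."""
    lo: F
    hi: F
    L: F


class ToyPool:
    def __init__(self, sqrt_p, rng, buggy=False):
        self.s = F(sqrt_p)       # current sqrt price, Uniswap-v3 style
        self.rng = rng
        self.buggy = buggy
        self.active = self.expected_active()
        self.net_x = F(0)        # cumulative token flows INTO the pool
        self.net_y = F(0)

    def expected_active(self):
        """Ground truth: the liquidity that should be active at the current price."""
        return self.rng.L if self.rng.lo <= self.s < self.rng.hi else F(0)

    def _move(self, s_to):
        # Constant-liquidity step: y = L*sqrtP and x = L/sqrtP, so
        # dy = L*(s1 - s0) and dx = L*(1/s1 - 1/s0).
        self.net_y += self.active * (s_to - self.s)
        self.net_x += self.active * (F(1) / s_to - F(1) / self.s)
        self.s = s_to

    def _cross(self, bound, upward):
        # Tick bookkeeping: entering the range adds L, leaving it removes L.
        entering = bound == (self.rng.lo if upward else self.rng.hi)
        self.active += self.rng.L if entering else -self.rng.L

    def swap_to(self, s_target, slip=F(0)):
        """Move the price to s_target, stepping at each range boundary."""
        s_target = F(s_target)
        while self.s != s_target:
            upward = s_target > self.s
            if upward:
                hit = [b for b in (self.rng.lo, self.rng.hi) if self.s < b <= s_target]
            else:
                hit = [b for b in (self.rng.lo, self.rng.hi) if s_target <= b < self.s]
            if not hit:
                self._move(s_target)
                break
            bound = min(hit) if upward else max(hit)
            s_end = bound
            if self.buggy and slip:
                # The bug: the computed step end is not clamped to the tick and
                # lands `slip` beyond it (but never beyond the swap target).
                s_end = min(bound + slip, s_target) if upward else max(bound - slip, s_target)
            self._move(s_end)
            # A tick is only crossed when the step ends exactly on it, so the
            # over-shooting step above leaves the liquidity accounting stale.
            if s_end == bound:
                self._cross(bound, upward)


def check_invariants(pool):
    """Checks a pool should pass after self-trading back to its starting price."""
    problems = []
    if pool.active != pool.expected_active():
        problems.append(f"phantom liquidity: active={pool.active}, expected={pool.expected_active()}")
    if pool.net_x != 0 or pool.net_y != 0:
        problems.append(f"self-trade round trip not neutral: net_x={pool.net_x}, net_y={pool.net_y}")
    return problems


def round_trip(buggy):
    """Attacker's sequence from the write-up: own the only liquidity in a narrow
    range, swap the price up past the range, then swap it back down."""
    own = Range(lo=F(1), hi=F(101, 100), L=F(1000))    # constructed numbers
    pool = ToyPool(sqrt_p=F(1005, 1000), rng=own, buggy=buggy)
    pool.swap_to(F(102, 100), slip=F(1, 10**9))        # leg 1: leave the range
    pool.swap_to(F(1005, 1000))                         # leg 2: come back
    return pool


if __name__ == "__main__":
    for flag in (False, True):
        pool = round_trip(buggy=flag)
        print("buggy" if flag else "fixed", "active liquidity:", pool.active,
              "problems:", check_invariants(pool) or "none")
```

In the fixed pool the round trip leaves 1000 units of liquidity active and zero net token flow. In the buggy pool the first swap leaves the attacker’s liquidity active outside its range, the return swap adds it again, and the pool ends up with 2000 units of active liquidity backed by a position that only ever minted 1000, with the pool having paid out more of one token than it took in over a trade that should have been neutral. That phantom liquidity is exactly what the attacker’s final swap is priced against.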
The Result
The attacker repeated the exploit against other KyberSwap pools across multiple networks, taking about $46 million in total. KyberSwap’s contracts did include a failsafe intended to catch anomalies of this kind, but the attacker tuned the numbers so that every step stayed just outside the range that would have triggered it.
Hot Take: A Complex and Carefully Engineered Attack
The KyberSwap attack stands out as one of the most complex and carefully engineered smart contract exploits seen to date. The attacker exploited the quirks of one specific concentrated liquidity implementation and tuned the numerical values at each step precisely enough to double-count liquidity without tripping the protocol’s own safeguards. The incident is a reminder that subtle arithmetic in tick accounting deserves the same scrutiny as access control, and that users of decentralized exchanges should stay cautious and informed about where their assets sit.