Decentralized exchange KyberSwap has recently fallen victim to a sophisticated cyber-attack, resulting in the loss of around $55 million in users’ funds. The attack, which occurred on November 22, was carried out by exploiting KyberSwap Elastic smart contracts through a series of complex actions, allowing the attackers to withdraw funds into their own wallets.
In response to the attack, KyberSwap took immediate action by pausing deposits, launching an investigation, and initiating negotiations with the attackers to recover as much of the funds as possible. The firm even offered a 10% bounty as an incentive for the return of the exploited funds to affected users.
According to DeFi expert Doug Colkitt, the attack was specifically targeted at KyberSwap’s implementation of concentrated liquidity, demonstrating a high level of skill and specialized knowledge on the part of the threat actors. By executing a precise sequence of on-chain steps, the attackers were able to exploit a vulnerability within the platform.
KyberSwap has since reached out to the owners of the front-running bots responsible for extracting approximately $5.7 million from KyberSwap pools on Polygon and Avalanche during the exploit. Negotiations have resulted in the return of 90% of these funds, but the fate of the remaining $50 million is uncertain.
In an effort to strengthen its defenses and prevent future attacks, KyberSwap has implemented additional security measures, including internal smart contract checks and audits by reputable firms such as 100proof and ChainSecurity, as well as by community developers. The firm has also encouraged further scrutiny of its smart contracts through bug bounty programs with platforms like Immunefi.
The incident serves as a stark reminder of the constant threat posed by cyber-attacks in the cryptocurrency space, highlighting the importance of robust security measures and ongoing vigilance in safeguarding users’ funds. KyberSwap’s proactive response to the attack demonstrates its commitment to protecting its users and mitigating the impact of such incidents in the future.