- The attacker mocks the KyberSwap team and community.
- DeFi exploits are so commonplace that they are now an expected occurrence.
- The attack vector relates to a flash loan exploit.
Decentralized finance (DeFi) protocols have long struggled with security vulnerabilities and exploits by savvy attackers, greatly hindering mainstream adoption and acceptance. Despite rapid growth and innovative development in DeFi, harmful hacking incidents continue at an alarming rate.
KyberSwap DEX, an Ethereum-based multi-chain platform is the latest to fall victim to an attack, losing an estimated $47 million through a flash loan exploit. Adding insult to injury, the hacker brazenly posted on-chain messages detailing his walkthrough of the attack method, taunting the KyberSwap developers.
KyberSwap Attacker
Not content with heisting funds, the hacker brazenly posted on-chain messages detailing his step-by-step explainer on how to manipulate the protocol and exploit the code. 𝕏 account “Madotsuki.eth” joked that the hacker’s messages give security experts inside knowledge on “how not to build your contract.”
After completing the attack, the hacker further taunted the protocol developers and community in a final message that laid out his intention to negotiate after taking a short rest, suggesting that the attacker may return the stolen funds and/or is angling for a whitehat bounty reward and immunity from prosecution.
Security auditor Hacken estimates that losses total approximately $47 million, with Ethereum-compatible chains Arbitrum, Optimism, Kyber, Polygon, and Base affected, losing $20 million, $15 million, $7.5 million, $2 million, and $315k, respectively as a result of the flash loan exploit.
Flash Loan Exploit
According to investigations by crypto audit firm BlockSec, the hacker exploited vulnerabilities in KyberSwap’s liquidity mechanisms through a flash loan. A flash loan is a type of loan where the borrower does not have to provide collateral upfront but returns the borrowed assets within the same block transaction.
Using a flash loan, the attacker systematically manipulated price ticks and asset swap behavior across pools. This process resulted in double liquidity counting, subsequently enabling the withdrawal of funds from affected liquidity pools.
On the Flipside
- Ethereum is the most vulnerable chain, suffering a total of 71 DeFi hacks to date.
- The KyberSwap DEX is deployed on 15 chains, including Ethereum, BNB Chain, Fantom, and Cronos.
- The humorous reactions to the hacker’s on-chain messages highlight the degree to which the crypto community has become desensitized to DeFi hacks.
Why This Matters
The KyberSwap exploit further shakes faith in DeFi protocols, underscoring that vulnerabilities still exist. Without shoring up these vulnerabilities, mainstream acceptance of DeFi remains severely compromised.
Sponsored
The total value locked in DeFi protocols is on the rise, read more here:
DeFi TVL Up 34% in a Month Suggesting Crypto Winter Thawing
Find out more on FTT’s rise as the crypto industry contends with the DoJ’s investigation of Binance here:
FTX’s FTT Token Jumps 37% as DoJ Drops Hammer on Binance
