KyberSwap Attacker Taunts Protocol With Step-By-Step Guide

The KyberSwap attacker posts on-chain messages detailing the protocol exploit, even saying thank you.

Hacker teaching how to hack Kyber network.
Created by Kornelija Poderskytė from DailyCoin
  • The attacker mocks the KyberSwap team and community.
  • DeFi exploits are so commonplace that they are now an expected occurrence.
  • The attack vector relates to a flash loan exploit

Decentralized finance (DeFi) protocols have long struggled with security vulnerabilities and exploits by savvy attackers, greatly hindering mainstream adoption and acceptance. Despite rapid growth and innovative development in DeFi, harmful hacking incidents continue at an alarming rate.

KyberSwap DEX, an Ethereum-based multi-chain platform is the latest to fall victim to an attack, losing an estimated $47 million through a flash loan exploit. Adding insult to injury, the hacker brazenly posted on-chain messages detailing his walkthrough of the attack method, taunting the KyberSwap developers.

KyberSwap Attacker

Not content with heisting funds, the hacker brazenly posted on-chain messages detailing his step-by-step explainer on how to manipulate the protocol and exploit the code. 𝕏 account “Madotsuki.eth” joked that the hacker’s messages give security experts inside knowledge on “how not to build your contract.”  

After completing the attack, the hacker further taunted the protocol developers and community in a final message that laid out his intention to negotiate after taking a short rest, suggesting that the attacker may return the stolen funds and/or is angling for a whitehat bounty reward and immunity from prosecution. 

Security auditor Hacken estimates that losses total approximately $47 million, with Ethereum-compatible chains Arbitrum, Optimism, Kyber, Polygon, and Base affected, losing $20 million, $15 million, $7.5 million, $2 million, and $315k, respectively as a result of the flash loan exploit. 

Flash Loan Exploit

According to investigations by crypto audit firm BlockSec, the hacker exploited vulnerabilities in KyberSwap’s liquidity mechanisms through a flash loan. A flash loan is a type of loan where the borrower does not have to provide collateral upfront but returns the borrowed assets within the same block transaction. 

Using a flash loan, the attacker systematically manipulated price ticks and asset swap behavior across pools. This process resulted in double liquidity counting, subsequently enabling the withdrawal of funds from affected liquidity pools.  

On the Flipside

  • Ethereum is the most vulnerable chain, suffering a total of 71 DeFi hacks to date.
  • The KyberSwap DEX is deployed on 15 chains, including Ethereum, BNB Chain, Fantom, and Cronos.
  • The humorous reactions to the hacker’s on-chain messages highlight the degree to which the crypto community has become desensitized to DeFi hacks. 

Why This Matters

The KyberSwap exploit further shakes faith in DeFi protocols, underscoring that vulnerabilities still exist. Without shoring up these vulnerabilities, mainstream acceptance of DeFi remains severely compromised.


The total value locked in DeFi protocols is on the rise, read more here:
DeFi TVL Up 34% in a Month Suggesting Crypto Winter Thawing

Find out more on FTT’s rise as the crypto industry contends with the DoJ’s investigation of Binance here:
FTX’s FTT Token Jumps 37% as DoJ Drops Hammer on Binance

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Samuel Wan

Samuel Wan is a finance professional turned crypto journalist, known for his insightful reporting on market trends, regulatory changes, and technological developments within the digital asset industry. His ability to simplify complex concepts and report the facts has made him a trusted source in the crypto community. Beyond his writing, Samuel is an active mountain biker and gamer.