Kyber Network, the multi-chain DeFi liquidity hub, has become the latest decentralized finance (DeFi) protocol to be exploited, as a vulnerability in its website allowed hackers to steal approximately $265,000.
Kyber Network Loses $265k in Frontend Exploit
On Thursday, September 1, Kyber Network announced that it had “identified and neutralized” an exploit on its front end. Kyber said the threat was neutralized two hours after it was discovered in its front end.
Kyber reported that the exploit was carried out through a malicious code in its Google Tag Manager (GTM), which inserted a false approval, allowing the hacker to transfer the user’s funds to their address.
On-chain data showed that two “whale” addresses were affected by the attack. The exploit saw the hackers drain approximately $265,000 in the process. Kyber has compiled a list of suspicious wallet addresses active during the exploit.
KyberSwap to Reimburse All Victims
After reporting the incident, Kyber announced that it will reimburse the losses of the users who were affected by the exploit. Kyber also noted that the attack was specifically targeted at whale addresses.
Kyber has also advised other DeFi projects to run thorough checks on their frontend code and associated Google Tag Manager (GTM) scripts. Kyber believes that the attacker may have targeted multiple sites.
On the Flipside
- Kyber Network recently partnered with Lido Finance Partners to enhance liquidity on Polygon with over $120,000 in liquidity mining rewards.
Why You Should Care
The quick action of Kyber in neutralizing the attack helped in limiting the number of tokens the hackers were able to steal.
To learn more about Kyber Network, read:
Find out why DeFi attacks are increasing in: