DEX protocol KyberSwap hacked for $47 million

Fibo Quantum

  • Decentralized exchange (DEX) protocol KyberSwap has been hacked for $47 million.
  • The attacker drained $20 million in WETH, $4 million ARB and $7 million wstETH. 
  • KNC price fell to $0.72 while TVL plunged to $13.6 million.

DEX platform KyberSwap has been hacked, with approximately $47 million worth of crypto assets drained from its liquidity pools. 

It is the latest attack in the crypto industry, with this coming just a day after HTX’s HECO chain bridge suffered an $86 million exploit.

KyberSwap exploited – what happened?

KyberSwap alerted its users to the exploit early Thursday, advising that customers withdraw their funds as a precaution. 

However, while it acknowledged the security incident, KyberSwap said the exploit did not impact its aggregator, which was reportedly “operating fully as normal.”

According to Smart Contract and EVM chain audit platform BlockSec, the KyberSwap exploit was “due to tick manipulation and double liquidity counting.” The on-chain security said in a post on X that this was a flash loan attack, with the hacker executing swaps and manipulating prices and ticks of targeted liquidity pools.

Ultimately, the attacker triggered multiple swap steps and cross tick operations, resulting in double liquidity counting and consequently draining the pools,” BlockSec noted.

Stolen funds include $20 million in wrapped Ether (wETH), $4 million in Arbitrum (ARB) and $7 million in wrapped Lido-staked Ether (wstETH). The assets are spread across Ethereum, Arbitrum, Optimism, Polygon, and Base. 

KyberSwap’s total value locked (TVL) fell sharply after the attack, with data from DeFiLlama showing $13.61 million – down from over $83 million before the exploit. The Kyber Network Crystal (KNC) token was down 3.1% at the time of writing, trading near $0.722.

Wood Profits Banner>