Two “whale” addresses appeared to be impacted by the attack, according to Kyber, which plans to reimburse the losses. Kyber said it discovered the exploit, which let attackers insert a “false approval, allowing a hacker to transfer a user’s funds to his address,” on Sept. 1 and “neutralized” the threat within two hours.