Multi-chain DeFi protocol Kyber Network (KNC) revealed that it suffered an exploit on its frontend on Sept. 1, leading to a loss of $265,000 from two whale wallets.
1/ ❗️Notice of Exploit of KyberSwap Frontend:
We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️
— Kyber Network (@KyberNetwork) September 1, 2022
Hacker inserted malicious code into KyberSwap’s frontend
According to Kyber Network, its team “identified a malicious code in our Google Tag Manager (GTM)which inserted a false approval, allowing a hacker to transfer users’ funds to his address.”
Kyber continued that the threat was “neutralized” within two hours, assuring its users that it is now “safe to use all KyberSwap functions.”
KyberSwap is a multi-chain decentralized exchange (DEX) that allows users to swap tokens between different blockchains. Kyber revealed that the hack only affected the DEX’s user interface.
The Kyber team has assured the affected wallets that they will be compensated.
4/ USD$265K of user funds were lost, with 2 affected addresses, and users will be compensated. It appears the attacker was targeting whale wallets.
— Kyber Network (@KyberNetwork) September 1, 2022
Meanwhile, the team has offered the hacker 15% of the funds if he chooses to return it. According to the Kyber team, there is no way for the hacker to cash out the funds through centralized exchanges that he wouldn’t be revealing himself.
7/ We strongly urge all #DeFi projects to conduct a thorough check on your frontend code & associated Google Tag Manager (GTM) scripts as the attacker may have targeted multiple sites. Let’s work together as one #DeFi community to defend against these malicious attacks
— Kyber Network (@KyberNetwork) September 1, 2022
Kyber Network’s KNC token has risen by 1.7% in the last 24 hours to $1.76 despite the hack.
DeFi hacks on the up
A recent token terminal report revealed that over $4.2 billion had been stolen over the past two years due to lacking security practices in DeFi.
The Federal Bureau of Investigation also said that 97% of stolen $1.3 billion crypto assets in the first quarter of this year were from DeFi protocols.
In August alone, the crypto space witnessed several hacks that led to the loss of over $150 million. The hacks range from Solana (SOL) wallets exploit hacking Acala, Curve Finance, Nomad Bridge, and others.