Binance Identifies Perpetrators of KyberSwap’s $265k Heist
Binance crypto exchange has identified two suspects concerning the theft of $265,000 from decentralized exchange (DEX) protocol KyberSwap on Thursday, September 1, 2022, according to a tweet on September 3, 2022.
Binance, Crypto’s Big Brother
Roughly 48 hours after the KyberSwap exploit, the Binance security team has revealed that they have successfully tracked down and identified two hackers who may be responsible for the attack. The exchange says it has now involved the relevant authorities in the matter.
Binance CEO Changpeng Zhao (CZ) disclosed the findings on Twitter today (Sept. 3, 2022), noting that the company has shared the intel with KyberSwap and the appropriate law enforcement agencies.
“Binance security team has identified two suspects for yesterday’s KyberSwap hack. We have provided the intel to the Kyber team, and are coordinating with LE (law enforcement),” CZ tweeted.
This isn’t the first time that Binance has helped exchanges or protocols recover their funds or identify the culprits. In August this year, Binance recovered $450,000 stolen from Curve Finance, which amounted to over 80 percent of the total funds stolen.
Hacks and security breaches have become rampant in the crypto space, with one of the biggest exploits coming in the first half of 2022. Decentralized exchanges and liquidity protocols are bearing the brunt of the problem, so it’s perhaps refreshing to see crypto stakeholders banding together to eradicate security breaches.
The KyberSwap Attack
Kyber Network, the liquidity protocol on which KyberSwap is built, recently confirmed reports that the protocol had been compromised, adding that the attack on its website was quickly identified and fixed within a few hours.
“On 1 Sep, 3.24 PM GMT+7, we identified a suspicious element on our front-end. Shutting down our front end to conduct investigations, we identified a malicious code in our Google Tag Manager (GTM) which inserted a false approval, allowing a hacker to transfer a user’s funds to his address.” GTM scripts are used by websites to track user activity and collect analytics data, and they run inside the page alongside the site’s own code. Fortunately, the attack was identified and stopped after 2 hours of investigation.
“This is the first time a hack happened to us after five years, unfortunately, but our team handled this incident exceptionally well,” tweeted Loi Luu, Kyber’s co-founder. “Within a few hours since the hack is detected, we identified the malicious code (loaded on-the-fly via a reputable 3rd party js lib), removed it.”
Before the Kyber security team was able to mitigate the attack, $265,000 in Aave Matic interest-bearing USDC (AMUSDC) tokens was stolen in four transactions. Kyber Network then offered a 15% bounty worth $40,000 to the hackers if they return the stolen funds to the company.
They also warned all their users to double-check their approvals using the approval tool provided by Polygonscan. Affected users were assured that they would get their funds back and were asked to state their case in the protocol’s Discord channel.
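The approval check recommended above can also be applied before signing. The following is an added example, not code from Kyber, Binance or Polygonscan: it assumes the false approval was a standard ERC-20 `approve(address,uint256)` call, decodes the calldata of a pending transaction, and flags approvals to a spender the user does not expect. The function names, the allowlist and the sample addresses are hypothetical and constructed for illustration.

```javascript
// Added example: decode ERC-20 approve() calldata and flag unexpected approvals.
const APPROVE_SELECTOR = "095ea7b3"; // first 4 bytes of keccak256("approve(address,uint256)")
const MAX_UINT256 = (1n << 256n) - 1n;

// Parse calldata hex into { spender, amount }, or null if it is not a well-formed approve().
function decodeApprove(calldata) {
  const hex = String(calldata).toLowerCase().replace(/^0x/, "");
  // 4-byte selector + two 32-byte ABI words = 136 hex characters
  if (!/^[0-9a-f]{136}$/.test(hex) || !hex.startsWith(APPROVE_SELECTOR)) return null;
  const spenderWord = hex.slice(8, 72);
  const amountWord = hex.slice(72, 136);
  // An address occupies the low 20 bytes; the high 12 bytes must be zero.
  if (!/^0{24}/.test(spenderWord)) return null;
  return { spender: "0x" + spenderWord.slice(24), amount: BigInt("0x" + amountWord) };
}

// Classify a pending transaction against the spenders the user expects (hypothetical allowlist).
function reviewTransaction(tx, allowedSpenders) {
  const call = decodeApprove(tx.data);
  if (call === null) return { verdict: "not-approve" };
  const allowed = new Set(allowedSpenders.map((a) => a.toLowerCase()));
  const unlimited = call.amount === MAX_UINT256;
  if (!allowed.has(call.spender)) {
    return { verdict: "block", reason: "unknown spender", ...call, unlimited };
  }
  const verdict = unlimited ? "warn" : "ok";
  return { verdict, reason: unlimited ? "unlimited allowance" : "", ...call, unlimited };
}

// Constructed sample data: none of these addresses are real.
const ROUTER = "0x" + "11".repeat(20);  // spender the user intends to approve
const UNKNOWN = "0x" + "22".repeat(20); // spender swapped in by an injected script
const TOKEN = "0x" + "aa".repeat(20);
const word = (h) => h.replace(/^0x/, "").padStart(64, "0");
const approveData = (spender, amount) =>
  "0x" + APPROVE_SELECTOR + word(spender) + word(amount.toString(16));

const samples = [
  { to: TOKEN, data: approveData(ROUTER, 1000000n) },
  { to: TOKEN, data: approveData(ROUTER, MAX_UINT256) },
  { to: TOKEN, data: approveData(UNKNOWN, MAX_UINT256) },
  { to: TOKEN, data: "0xa9059cbb" + word(ROUTER) + word("01") }, // transfer(), not approve()
];
for (const tx of samples) console.log(reviewTransaction(tx, [ROUTER]).verdict);
```

An approval already granted to an unexpected spender stays in force until the token holder sets that allowance back to zero, which is why reviewing existing approvals matters as well.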
Kyber also had a message for the hacker(s) stating that as “the doors of exchanges close upon” the hackers, they would not be able to cash in on the stolen funds without getting caught. In good faith, Kyber Network says they are offering the hackers a 15 percent cut as a bug bounty if the hackers return the funds and have a “conversation” with the team.