KyberSwap suffers multichain exploit, resulting in $45m loss

The Kyber Network team has confirmed the incident, urging users to promptly withdraw their funds.

Decentralized exchange protocol KyberSwap has allegedly suffered a hacker attack as more than $45 million worth of crypto has been drained from the project across multiple networks.

The Kyber Network team has confirmed the incident in an X post, advising users to “promptly withdraw their funds.” The team also noted that KyberSwap’s aggregator “is not impacted and is operating fully as normal.”

While the root cause of the attack is yet to be revealed, users suggest that the protocol allegedly suffered an exploit involving its liquidity pools. According to Unibot, a crypto trading bot for Telegram, the issue “does not appear to affect their router contract,” implying the incident should not affect Unibot users’ trades.

Analysts at blockchain firm BlockSec claim the hack was possible due to a “tick manipulation and double liquidity counting.”

“In summary, the attackers borrowed a flash loan and drained the pools with low liquidity. By executing swaps and altering positions, they manipulated the current prices and ticks of the victimized pools.”

BlockSec

Shortly after the attack, the hacker left an on-chain message, saying they will soon start negotiations with the Kyber Network team. Amid the incident, the total value of funds locked in KyberSwap plunged by almost 84% from $84.9 million down to $13.6 million, according to data from DefiLlama.

Security analysts at Lookonchain calculated that the hacker stole over 10,000 in wETH (valued at the moment of the attack at $20.7 million), more than 4,000 in wstETH ($9.5 million) and nearly 4 million in ARB (~$4.1 million) among other tokens across Base, Polygon, Optimism, Arbitrum and other networks.

Users believe the hacker is the same person who attacked Indexed Finance, referring to the same crypto address spotted in the transaction history of KyberSwap’s operations.