Kyber Network offers bounty following $265K hack of decentralized exchange

Published at: Sept. 2, 2022

KyberSwap, the decentralized exchange built on liquidity protocol Kyber Network, has offered a hacker 15% of the funds from a $265,000 exploit as a bug bounty.

In a Thursday blog post, Kyber Network said a hacker had used a frontend exploit to pilfer roughly $265,000 worth of user funds from KyberSwap. The protocol said it will compensate all users for any missing funds related to the exploit, and directly addressed the hacker to give them an opportunity to return the funds in exchange for “a conversation with our team” and 15% of what was taken — roughly $40,000.

“We know the addresses you own have received funds from central exchanges and we can track you down from there,” said Kyber Network. “We also know the addresses you own have OpenSea profiles and we can track you through the NFT communities or directly through OpenSea. As the doors of exchanges close upon you, you will not be able to cash out without revealing yourself.”

1/ ❗️Notice of Exploit of KyberSwap Frontend:We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️

— Kyber Network (@KyberNetwork) September 1, 2022

Kyber Network reported shutting down its frontend following the discovery of a “suspicious element” at 8:24 AM UTC on Sept. 1. The platform disabled its user interface and found “a malicious code” in its Google Tag Manager which targeted “whale wallets with large amounts,” giving the hacker the ability to transfer funds to different addresses. According to Kyber Network co-founder Loi Luu, this was the first hack on the protocol in five years.

“The attack was identified and put a stop to after 2 hours of investigations,” said Kyber Network. “This attack was an FE exploit and there is no smart contract vulnerability.”

Related: DeFi isn’t dead, it just needs to fix these 3 critical problems

Hackers have used exploits to execute attacks on many decentralized finance protocols, including $100 million being removed from the Horizon Bridge in June and draining $200 million worth of crypto from the Nomad token bridge in August. Cointelegraph reported on Aug. 11 that the overwhelming majority of attackers responsible for the Nomad bridge hack copied the original exploit, directing funds to addresses they chose.

Tags
Related Posts
The aftermath of Axie Infinity’s $650M Ronin Bridge hack
In late March, Ronin, an Ethereum sidechain built for the popular play-to-earn nonfungible token game Axie Infinity, was hacked for over 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) for a combined value of over $600 million. The breach on the Ronin bridge was confirmed by Sky Mavis, the developers behind the popular play-to-earn (P2E) game: There has been a security breach on the Ronin Network.https://t.co/ktAp9w5qpP — Ronin (@Ronin_Network) March 29, 2022 The official report from the company noted that the hackers managed to get access to private keys to validator nodes resulting in the compromise of five validator …
Blockchain / April 12, 2022
Maiar decentralized crypto exchange goes offline after bug discovery
The Maiar Exchange, a decentralized exchange (DEX) native to the Elrond blockchain, has been temporarily taken offline after an attacker utilized an exploit and made off with roughly $113 million worth of Elrond eGold (EGLD). Minutes before 12:00 am UTC on Monday, the co-founder and CEO of Elrond, Beniamin Mincu, tweeted that he and his team were “investigating a set of suspicious activities” on the Maiar decentralized cryptocurrency exchange. Soon after, the DEX was taken offline, with Mincu reporting that the issue had been identified and an “emergency fix” was being implemented. In a Twitter thread posted almost 24 hours …
Altcoin / June 7, 2022
Poly Network hacker returns nearly all funds, refuses $500K white hat bounty
The hacker behind a $610 million attack on the cross-chain decentralized finance (DeFi) protocol Poly Network has returned almost all of the stolen funds amid the project saying their actions constituted “white hat behavior.” According to a Thursday update on the attack from Poly Network, all of the $610 million in funds taken in an exploit that used "a vulnerability between contract calls” have now been transferred to a multisig wallet controlled by the project and the hacker. The only remaining tokens are the roughly $33 million in Tether (USDT), which were frozen immediately following news of the attack. The …
Business / Aug. 12, 2021
Binance and Huobi freeze $1.4M in crypto linked to North Korean hackers
Cryptocurrency exchanges Binance and Huobi have again frozen accounts linked to the $100 million Harmony Horizon bridge attack on Jun. 24, 2022. Around $1.4 million worth of crypto frozen by the trading platforms came from accounts linked to the notorious Lazarus Group operating out of North Korea. The investigation was carried out by blockchain analytics firm Elliptic, according to a report shared by the firm on Feb. 14. However, the firm didn’t state what coins or tokens were frozen. Exchanges @binance and @HuobiGlobal today froze accounts containing $1.4 million stolen by North Korea’s Lazarus Group. This was made possible thanks …
Blockchain / Feb. 15, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023