🇺🇦 Hacken stands with Ukraine!
Learn more
KyberSwap, a multi-chain DEX aggregator, fell victim to a smart contract reentrancy attack on November 23, 2023. The exploit led to a loss of approximately $47 million across multiple networks and a 90% drop in TVL.
Let’s take a closer look.
Total Value Locked dropped 90% from $84.9M to $8.28M million on the day of the hack, which exemplifies the profound impact of smart contract vulnerabilities. Initially, the exploit led to the direct loss of $49M. Subsequently, KyberNetwork’s recommendation resulted in an additional $27M being withdrawn by users.
The core of the exploit was most likely a vulnerability in the mint function of KyberSwap’s new v2 reinvestment token (KS2-RT). This implementation contained some sort of mint callback, which might have created a loophole for reentrancy attacks.
Note: If other KyberSwap forks aren’t implementing this v2 reinvestment schema, they are probably not vulnerable.
Kyber Network, in a swift reaction to the breach, issued an urgent advisory to users, urging them to withdraw their funds as a precautionary measure. The team is actively investigating the incident to understand its full scope and implement necessary security measures.
This incident underscores the need for rigorous security protocols in DeFi platforms, particularly in the management and implementation of smart contracts. The reentrancy vulnerability exploited in this case highlights the critical importance of:
Follow @hackenclub on 𝕏 (Twitter)
The KyberSwap attack serves as a reminder of the constant threats in the DeFi ecosystem. As we navigate this dynamic landscape, it’s imperative for all stakeholders to adopt a security-first approach, continuously enhancing their defenses against sophisticated exploits. This proactive stance is crucial in maintaining trust and stability in the world of decentralized finance.
Stay updated with the latest in blockchain security.
With several landmark events occurring in the crypto space this quarter, indicating a path towards a regulated future, we continue to closely monitor hacks and scams to assess the industry’s state of security and observe emerging trends. This time, we teamed up with the HackenProof research team to analyze the data and provide the community
Discover the biggest hacks, scams, and emerging trends in our Q1 2024 Web3 Security Report. Don’t miss out—access it now!
Explore the current state of gender representation in the crypto space with our International Women’s Day Special.
