KyberSwap: The Targeted Attack, Security Breach & Demands of the Hacker

On November 23, 2023, KyberSwap experienced a significant security breach, with losses of approximately $54.7 million, as per recent assessments. The breach involved a well-planned and meticulous sequence of steps.

Critical Vulnerability In Liquidity Management System

The attack began with the hacker borrowing 2000 Wrapped Ether (WETH) through a flash loan from the AAVE protocol. The subsequent steps involved strategic swaps and liquidity manipulations that allowed the attacker to profit from price discrepancies in the KyberSwap pool.

The hacker was able to exploit a critical vulnerability in the liquidity management system, manipulating liquidity amounts within a specified range and taking advantage of an error in the token exchange calculations. Consequently, KyberSwap failed to update the liquidity, allowing the attacker to obtain more tokens than initially anticipated.
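
A defensive check for the failure described above, where the pool's liquidity is not updated as the price moves: this added example (not KyberSwap's code and not part of the original article) compares a pool's reported active liquidity against the sum of positions whose range contains the current price. The simplified pool model, the tick-range convention, all names and the sample data are assumptions.

```python
# Added example: off-chain invariant monitor for a simplified
# concentrated-liquidity pool model (assumed; not KyberSwap's contract code).
from dataclasses import dataclass


@dataclass(frozen=True)
class Position:
    lower_tick: int   # inclusive lower bound of the price range
    upper_tick: int   # exclusive upper bound (convention assumed for this model)
    liquidity: int


def expected_active_liquidity(positions, tick):
    """Liquidity that should be active when the pool price sits at `tick`."""
    return sum(p.liquidity for p in positions
               if p.lower_tick <= tick < p.upper_tick)


def find_stale_liquidity(positions, observations):
    """Return observations where reported liquidity disagrees with positions.

    `observations` is a list of (label, tick, reported_liquidity) tuples,
    one pool state read after each swap step.
    """
    violations = []
    for label, tick, reported in observations:
        expected = expected_active_liquidity(positions, tick)
        if reported != expected:
            violations.append((label, tick, reported, expected))
    return violations


# Constructed sample data: two overlapping ranges and three state reads.
POSITIONS = [Position(100, 200, 5_000), Position(150, 300, 2_000)]
OBSERVATIONS = [
    ("before swap", 160, 7_000),   # both ranges active: consistent
    ("after swap 1", 210, 7_000),  # price left the first range, liquidity not reduced
    ("after swap 2", 250, 2_000),  # consistent again
]

if __name__ == "__main__":
    for label, tick, reported, expected in find_stale_liquidity(POSITIONS, OBSERVATIONS):
        print(f"{label}: tick={tick} reported={reported} expected={expected}")
```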

KyberSwap Must Yield Authority And Assets

As the security breach unfolded, the hacker issued bold demands: complete executive control, temporary authority over KyberDAO, and a significant buyout of executives and employees. The hacker also promised to restore the value of tokens, transform Kyber into a new crypto project, and compensate LP participants for recent market-making losses.

Future of KyberSwap

The fate of KyberSwap now remains uncertain as there has been no official response to the hacker’s demands. With a deadline of December 10th to meet the demands, the leaders of the protocol face an urgent need to address the situation within a tight timeframe of just over 10 days.

The attack has also affected Kyber’s native token KNC, with an 11% price drop seen on the daily chart. The broader implications of this security breach and the potential responses by the KyberSwap leadership are yet to be determined.

