Hackers breached the front end of KyberSwap, the non-custodial DeFi project from Kyber Network. User losses amounted to 265,000 USDC.
1/ ❗️Notice of Exploit of KyberSwap Frontend:
We identified and neutralized an exploit on the KyberSwap frontend. Affected users will be compensated. We have summarized the details in this thread⬇️
— Kyber Network (@KyberNetwork) September 1, 2022
On September 1, the KyberSwap developers detected suspicious activity on the front end. After taking the interface offline to investigate, they found malicious code in Google Tag Manager (GTM).
The exploit injected a fraudulent transaction approval, enabling the attackers to drain user funds to their own addresses.
The team relaunched the interface in under two hours, removing the malicious code from GTM.
The attack affected two addresses. The developers gave assurances that those affected would receive full compensation. They believed the attackers were targeting whale wallets.
The KyberSwap team identified the hackers’ addresses on the Ethereum and Polygon networks, and reached out to various exchanges to track and block the movement of the stolen assets.
According to PeckShield, the initial funds for the attack were withdrawn by the attackers from the centralized BitMart platform.
#PeckShieldAlert @KyberNetwork suffered a frontend exploit, ~265k $amUSDC were taken from 0x20fc…dc. It revoked the approval.
The stolen funds currently mainly sit in 0xfd6F29…65
PeckShield has detected the initial funds of the exploit are withdrawn from @BitMartExchange https://t.co/YnsKnafoUw pic.twitter.com/BkTzQgnWiO
— PeckShieldAlert (@PeckShieldAlert) September 2, 2022
KyberSwap offered the hackers a route to contact them and return the stolen funds for a bounty equal to 15% of the amount.
Binance CEO Changpeng Zhao said that the security team of the Bitcoin exchange identified two suspects in the hack and passed the information to KyberSwap’s team. The company is now coordinating its actions with law enforcement.
According to Dune Analytics, KyberSwap ranks 18th in weekly DEX volume, with $2.57 million. The leader is Uniswap, with $8.8 billion.
Earlier in August, the FBI issued a warning about the most common vulnerabilities used by cybercriminals to attack DeFi platforms.
