DeFi Exchange KyberSwap Suffers $265,000 Frontend Exploit
Following last month's front-end exploit at Curve Finance, the decentralized exchange (DEX) KyberSwap has joined the growing list of compromised DeFi projects.
On Friday, Kyber Network, the liquidity protocol on which KyberSwap is built, acknowledged the reports and said the attack on its website was detected immediately and fixed within a few hours.
According to a tweet from Kyber Network: “Around 3.24 pm GMT+7, we spotted a suspicious element on our frontend. While doing investigations that required us to shut down our front, we discovered malicious code in our Google Tag Manager (GTM), which we promptly removed after discovering it.”
According to the company's notice, the attackers gained control of the application's front end through the Google Tag Manager (GTM) script.
Websites commonly use GTM to load analytics and tracking tags. The container script is fetched from Google's servers at page load, and the tags it runs are configured in the GTM console rather than in the site's own code, so anyone who can change the container (or compromise the GTM account) can run arbitrary JavaScript on every page that includes it, with no change to the site's deployed files.
By injecting a malicious script through GTM, the attackers prompted users' wallets to sign a token approval that granted an attacker-controlled address the right to spend their tokens. Once a user signed, the attacker pulled the tokens from the user's wallet to their own addresses.
Loi Luu, co-founder of Kyber, stated:
“This is the first time a hack happened to us after five years; unfortunately, however, our team handled this event very effectively. Within a few hours of the hack being discovered, we were able to identify the malicious code (which was loaded on the fly by a trustworthy third-party js lib), and we were able to remove it.”
Before the fix was deployed, the attacker moved Aave Polygon interest-bearing USDC (amUSDC) tokens worth a total of $265,000 in four separate transactions.
Aave runs on Ethereum and several other blockchains, including Polygon. The token in question is USDC deposited into Aave's Polygon deployment: when a user deposits a token into the lending platform, Aave issues an interest-bearing receipt token (here, amUSDC) representing that deposit.
It was this interest-bearing receipt token that the attackers stole in Friday's exploit.
Kyber Network warned all of its users to check their token approvals with the approval-checker tool provided by Polygonscan, the Polygon block explorer, and to revoke any they did not recognize.
6/ If you suspect or find that your address has interacted with the malicious script or has been given wrongful approval, we have provided instructions to revoke the approval in our blog post https://t.co/3qDRccZKPs
— Kyber Network (@KyberNetwork) September 1, 2022
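The attack depended on users signing an ERC-20 `approve` for an attacker-controlled spender, and the remediation is to check for and revoke such approvals. The following is an added example, not code from Kyber Network or from the original article: it decodes the calldata of a pending `approve` transaction the way a wallet or browser extension could before the user signs it, flags an approval whose spender is not on an allow-list or whose amount is unlimited, and builds the `approve(spender, 0)` calldata that revokes it. The selector `0x095ea7b3` is the standard ERC-20 `approve(address,uint256)` selector; every address used below (token, trusted spender, attacker) is a constructed placeholder, not a real contract.

```javascript
// ERC-20 approval audit: decode approve() calldata, flag risky approvals,
// and build the revoking approve(spender, 0) call. Added example, offline.

// keccak256("approve(address,uint256)")[:4] -- the standard ERC-20 selector.
const APPROVE_SELECTOR = "0x095ea7b3";
const MAX_UINT256 = (1n << 256n) - 1n; // "unlimited" allowance wallets show as infinite

// Left-pad a hex string (no 0x prefix) to one 32-byte ABI word.
function pad32(hexNoPrefix) {
  return hexNoPrefix.padStart(64, "0");
}

// Decode approve(address spender, uint256 amount) calldata.
// Returns null if the data is not a well-formed approve() call.
function decodeApprove(calldata) {
  const data = calldata.toLowerCase().replace(/^0x/, "");
  if (data.length !== 8 + 64 + 64) return null;           // selector + 2 words exactly
  if ("0x" + data.slice(0, 8) !== APPROVE_SELECTOR) return null;
  const spenderWord = data.slice(8, 72);
  if (!/^0{24}/.test(spenderWord)) return null;           // address occupies the low 20 bytes
  const spender = "0x" + spenderWord.slice(24);
  const amount = BigInt("0x" + data.slice(72, 136));
  return { spender, amount };
}

// Build approve(spender, 0): sets the allowance to zero, revoking the spender.
function buildRevokeCalldata(spender) {
  const addr = spender.toLowerCase().replace(/^0x/, "");
  if (!/^[0-9a-f]{40}$/.test(addr)) throw new Error("bad address: " + spender);
  return APPROVE_SELECTOR + pad32(addr) + pad32("0");
}

// Audit a transaction {to: tokenContract, data: calldata} against an allow-list
// of spenders the user actually intends to authorize (e.g. the DEX router).
function auditApprovalTx(tx, trustedSpenders) {
  const decoded = decodeApprove(tx.data);
  if (!decoded) return { verdict: "not-an-approve" };
  const trusted = new Set(trustedSpenders.map((a) => a.toLowerCase()));
  const reasons = [];
  if (!trusted.has(decoded.spender)) reasons.push("spender not in allow-list");
  if (decoded.amount === MAX_UINT256) reasons.push("unlimited allowance");
  return {
    verdict: reasons.length ? "suspicious" : "ok",
    token: tx.to,
    spender: decoded.spender,
    amount: decoded.amount,
    reasons,
    // Transaction the user would send to undo the approval if it was already signed.
    revoke: { to: tx.to, data: buildRevokeCalldata(decoded.spender) },
  };
}

// --- Constructed sample data (placeholders, not real contracts) ---
const TOKEN = "0x" + "aa".repeat(20);          // stands in for the token contract
const TRUSTED_SPENDER = "0x" + "11".repeat(20); // hypothetical legitimate DEX router
const ATTACKER = "0x" + "be".repeat(20);        // attacker-controlled spender

// What an injected script would ask the wallet to sign: approve(attacker, MAX_UINT256).
const MALICIOUS_TX = {
  to: TOKEN,
  data: APPROVE_SELECTOR + pad32(ATTACKER.slice(2)) + pad32(MAX_UINT256.toString(16)),
};

const report = auditApprovalTx(MALICIOUS_TX, [TRUSTED_SPENDER]);
console.log(report.verdict, report.reasons);    // suspicious [ 'spender not in allow-list', 'unlimited allowance' ]
console.log("revoke calldata:", report.revoke.data);
```

In a real wallet or extension the allow-list would come from the dApp's published contract addresses, and the revoke call would be sent to the token contract on Polygon. Revoking costs a transaction fee, so the check before signing is the cheaper control; the revoke exists for users who signed before the malicious tag was removed.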
Kyber's smart contracts do not appear to have been affected.
Kyber offers the attacker a $40,000 bounty to return the funds
Kyber Network has offered the attacker 15% of the stolen funds, about $40,000, as a bounty if the money is returned, and has asked that the remainder be sent to a wallet address supplied by the company.
At the time of writing, none of the funds had been returned.
This is neither the first nor the last time the cryptocurrency sector will be hacked. This year has already seen two of the largest crypto thefts on record: the first, in January, targeted an Ethereum-to-Solana bridge, and the second, in March, targeted Ronin, the bridge operated by Axie Infinity.
Together, those two attacks cost users a combined $878 million.