NIGHTMARE NIGHT FOR KYBERSWAP VICTIM OF $47 MILLION HACK

An eventful end to the year. From January to October 2023, more than a billion dollars were stolen from the crypto ecosystem. A toll that continues to grow with repeated hacks since the beginning of October. Today, the KyberSwap exchange protocol was the target of a hack.

KYBERSWAP HACK: 47 MILLION DOLLARS STOLEN

During the night from Wednesday to Thursday, an Internet user alerted on X (Twitter) that an attack was in progress on KyberSwap. Unfortunately, the attacker targets multiple instances of the protocol on different chains.

The damage was quickly estimated at more than $47 million. The hacker stole 7.5 million from Ethereum, 15 million from OP Mainnet, 20 million from Arbitrum, 2 million from Polygon and a few hundred thousand dollars from Base.

Theft is made up of ETH and various variants such as wstETH, wETH, cbETH. There are also L2 tokens like ARB and OP as well as stablecoins.

Finally, less than an hour after this first alert, the KyberSwap teams confirmed the news about X.

We learn that it was the KyberSwap Elastic pools that were targeted by the hacker. As a reminder, KyberSwap Elastic is an advanced version of KyberSwap Classic AMM.

“KyberSwap Elastic builds on the capital amplification capabilities of its Classic counterpart by incorporating emerging concepts of concentrated liquidity popularized by Uniswap V3. By merging the benefits of each, KyberSwap Elastic allows liquidity providers to determine their preferred liquidity price ranges while maximizing returns through greater capital efficiency as well as automatic yield compounding. »

PROGRESS OF THE ATTACK

Hours after this event, researchers at BlocSec published a concise explanation of the attack on

So, it appears that KyberSwap was exploited due to tick manipulation and double counting