Kyber Network’s co-founder was quick to note that this exploit was the first attack on the project in five years. The Curve Finance exploit was discovered last month. KyberSwap now joins the ranks of DeFi projects that have been subject to a front-end attack.
reported Friday that the Kyber Network, which is the liquidity protocol upon which KyberSwap was built, confirmed reports. They also stated that the attack on their website was quickly detected and resolved within a matter of hours.
Kyberswap tweeted it’s exploit findings
“We identified a suspicious element in our frontend at 3.24 PM GMT+7,” Kyber Network tweeted. “We shut down our frontend in order to investigate and found a malicious code within our Google Tag Manager (GTM). We immediately disabled it.”
According to the announcement of the company, the thieves were able compromise the app’s frontend using the Google Tag Manager script.
Websites often use GTM scripts to track user activity and collect data for analysis purposes.
The hackers used the GTM injected malicious code to make users approve funds and send them to the hacker.
Tweeted Loi Luu , Kyber’s cofounder. “We identified the malicious code (loaded via a trusted 3rd-party js lib) and removed it within a matter of hours.
However, before the fix, the hacker was capable of moving $265,000 worth Aave Matic interest bearing USDC (AMUSDC), tokens in just four transactions.
Aave is available on Ethereum and several other blockchains including Polygon. The token above represents a USDC stablecoin that was deposited on Aave’s Polygon integration. Users receive an interest-bearing token when they deposit a token similar to this on the lending platform.
This is the interest-bearing version that hackers captured in Friday’s exploit.
Kyber Network advised all users to double-check approvals using the approval tool provided the block explorer, Polygonscan.
KyberSwap offers hackers a bounty to return funds
The hackers will be offered a bounty of 15% worth $40,000 by Kyber Network if they return stolen funds. The company will request that the remaining funds be transferred to a address.
At the time of writing, there have been no refunds.
It is not the first hack of the crypto industry, nor will it ever be the last. This year saw two of the most significant hacks ever: first, an Ethereum-to Solana bridge network was hacked in January and secondly Ronin, a crypto bridge owned by Axie Infinity in March.
These two hacks alone accounted for $878 million in losses to users.