BanklessTimes

Kyber Network Whales Lose $265k in Attack

Author:
Daniela Kirova
Writer
Daniela is a writer at Bankless Times, covering the latest news on the cryptocurrency market and blockchain industry. She has over 15 years of experience as a writer, having ghostwritten for several online publications in the financial sector.
January 31st, 2023
  • Faulty code allowed attackers to insert a false fund transfer approval
  • Kyber eliminated the bad script by disabling GTM

Multichain DeFi platform Kyber Network lost approximately $265,000 due to a vulnerability in its website code, CoinDesk wrote, citing a statement from Kyber published on the latter’s blog.

The attack appears to have impacted two “whale” addresses, but Kyber plans to reimburse the losses.

Attacker targeted whale addresses

The platform tweeted:

Users will be compensated. It appears the attacker was targeting whale wallets.

Criminals inserted “false approval”

Kyber soon discovered the weakness in its code that made the exploit possible. It allowed attackers to insert a false approval, thereby letting them transfer users’ funds to their own address on September 1. The threat was neutralized within two hours.

KyberSwap hit the hardest

The attack hit the DEX KyberSwap, which enables users to exchange currencies on different blockchains. No damage was done to KyberSwap’s blockchain contracts. The issue stemmed from malicious Google Tag Manager (GTM) code in the KyberSwap website.

Upon further investigation, Kyber found they could eliminate the bad script by disabling GTM, and there was no more suspicious activity thereafter.

The attackers had injected the script discreetly. Kyber proceeded to restore the user interface and took subsequent measures to identify all of the attackers’ and victims’ addresses, as well as the scope of the damage inflicted.

Kyber added in another tweet:

We strongly urge all DeFi projects to conduct a thorough check on your frontend code and associated Google Tag Manager (GTM) scripts as the attacker may have targeted multiple sites.

While this attack was not significant compared to other recent ones impacting DeFi projects, some of which caused losses of hundreds of millions of dollars, it does draw attention to the myriad of vulnerabilities putting DeFi users at risk.
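The GTM check Kyber urges above can be partly automated. The following is an added example, not code from Kyber or from this article: it scans a Google Tag Manager container export for Custom HTML tags that reference wallet or token-approval primitives. It assumes the "false approval" refers to an ERC-20 token approval (function selector `0x095ea7b3`); the heuristics and the sample container are constructed for illustration, since the article does not publish the injected script.

```python
import json
import re

# Constructed sample shaped like a GTM container export (Admin > Export Container).
# The tag names and bodies are invented fixtures; the flagged body is inert text.
SAMPLE_EXPORT = json.dumps({
    "exportFormatVersion": 2,
    "containerVersion": {"tag": [
        {"name": "GA4 event (constructed)", "type": "gaawe",
         "parameter": [{"type": "TEMPLATE", "key": "eventName", "value": "swap"}]},
        {"name": "Page ready (constructed)", "type": "html",
         "parameter": [{"type": "TEMPLATE", "key": "html",
                        "value": "<script>window.dataLayer.push({event:'page_ready'});</script>"}]},
        {"name": "Promo banner (constructed)", "type": "html",
         "parameter": [{"type": "TEMPLATE", "key": "html",
                        "value": "<script>/* inert fixture */ window.ethereum; "
                                 "'eth_sendTransaction'; '0x095ea7b3';</script>"}]},
    ]},
})

# Assumed review heuristics: things a tag-manager snippet on a DeFi site should never touch.
SUSPICIOUS = {
    "wallet provider access": re.compile(r"window\.ethereum|\bweb3\b", re.I),
    "ERC-20 approve selector/call": re.compile(r"095ea7b3|\bapprove\s*\(", re.I),
    "transaction or signing request": re.compile(r"eth_sendTransaction|eth_sign", re.I),
    "remote script load": re.compile(r"<script[^>]+src=|createElement\(\s*['\"]script", re.I),
    "obfuscation primitive": re.compile(r"\beval\s*\(|\batob\s*\(|fromCharCode", re.I),
}

def audit_container(export_json):
    """Return {tag name: [reasons]} for Custom HTML tags that match any heuristic."""
    container = json.loads(export_json).get("containerVersion", {})
    findings = {}
    for tag in container.get("tag", []):
        if tag.get("type") != "html":  # Custom HTML tags hold free-form script
            continue
        body = " ".join(p.get("value", "") for p in tag.get("parameter", [])
                        if p.get("key") == "html")
        reasons = [label for label, rx in SUSPICIOUS.items() if rx.search(body)]
        if reasons:
            findings[tag.get("name", "<unnamed>")] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in audit_container(SAMPLE_EXPORT).items():
        print(f"REVIEW {name}: {', '.join(reasons)}")
```

A match is a prompt for manual review of that tag and of who published it, not proof of compromise; an empty result does not clear a container whose tags load script from elsewhere at runtime.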
