KyberSwap, a decentralized exchange built on the liquidity protocol Kyber Network, has offered 15% of the funds taken in a $265,000 exploit as a bug bounty.
In a Thursday blog post, Kyber Network said a hacker used a front-end exploit to steal nearly $265,000 in user funds from KyberSwap. The protocol stated that it will compensate all users for any missing funds related to the exploit, and addressed the hacker directly, offering a chance to “talk to our team,” return the money and keep 15% of what was taken, roughly $40,000.
“We know that your addresses have received funds from central exchanges, and then we can track you,” Kyber Network said. “Also, we know that the addresses you own have OpenSea profiles and we can track them through NFT communities or directly through OpenSea. When the exchange doors are closed, you cannot withdraw money anonymously.”
1/ ❗️KyberSwap Frontend Exploit Notice:-
We have identified and neutralized an exploit on the KyberSwap frontend. Injured users will be compensated. We have summarized the details in this article⬇️
— Kyber Network (@KyberNetwork) September 1, 2022
Kyber Network reported that the front end was closed on September 1 at 8:24 AM UTC due to the creation of a “suspicious element”. The platform disabled the user interface and discovered “malicious code” in the Google Account Manager, which targeted “whales” (wallets with high volume) and gave the hacker the ability to transfer the money to different addresses. According to Kyber Network co-founder Loi Luu, it was the first hack on the protocol in five years.
“The attack was identified and stopped after 2 hours of investigation,” Kyber Network said. This attack was an FE exploit and no smart contract vulnerability exists.
Hackers have used exploits to launch attacks on several decentralized finance protocols, including the withdrawal of $100 million from Horizon Bridge in June and the withdrawal of $200 million worth of crypto from Nomad Token Bridge in August. Cointelegraph reported on August 11 that the vast majority of attackers responsible for the Nomad Bridge hack copied the original exploit and routed their funds to an address of their choice.