According to a blog post released on Thursday, a hacker utilized a frontend flaw to steal around $265,000 in customer funds from KyberSwap.
The protocol stated that it will refund all users for any lost assets as a result of the exploit, and it approached the hacker directly, offering them the option to return the funds in exchange for a dialogue with our team and 15% of what was taken — approximately $40,000.
Kyber Network stated, "We know the addresses you control have received payments from central exchanges, and we can follow you down from there. We also know that the addresses you own have OpenSea profiles, so we can follow you down via the NFT forums or directly through OpenSea. As the exchange doors close upon you, you will be unable to cash out without disclosing yourself.”
On September 1, Kyber Network claimed that its frontend had been shut down due to the identification of a suspicious element. The network disabled its user interface after discovering malicious malware in its Google Tag Manager that targeted whale wallets with enormous amounts of funds, allowing the hacker to transfer funds to multiple addresses. According to Loi Luu, co-founder of Kyber Network, this was the first protocol compromise in five years.
Kyber Network said, “the attack was discovered and halted after two hours of investigation. There is no smart contract vulnerability in this attack because it was a FE exploit.”
Hackers have leveraged vulnerabilities to carry out attacks on several decentralized financial protocols, including stealing $100 million from the Horizon Bridge in June and stealing $200 million from the Nomad token bridge in August.
On August 11, CoinGabbar reported that the vast majority of attackers involved in the Nomad bridge hack replicated the initial vulnerability, routing funds to addresses of their choice.
Read also: MATIC Price on a positive track, but can it surpass $1?
